Collateral Risk Assessment - pufETH

Mar 27, 2025

Summary

pufETH is a liquid restaking token developed by Puffer Finance that enables users to deposit ETH or its derivatives and earn yields from proof-of-stake and restaking rewards. Its repricing mechanism means the token's value increases relative to ETH over time. Users can redeem pufETH through two methods: an immediate redemption incurring a 1% fee (subject to available ETH liquidity in the PufferVault) or a fee-free two-step withdrawal process requiring up to a 14-day waiting period, subject to change after the EigenLayer upgrade.

Key observations include:

  • Redemption and Liquidity: The dual redemption approach provides flexibility; however, liquidity concerns remain during periods of low asset availability, which may temporarily affect the stability of the pufETH/ETH peg.

  • Technical and Smart Contract Aspects: Smart contracts have been extensively audited by multiple reputable firms, and the protocol employs secure-signer technology and trusted execution environments (TEEs) to reduce slashing risks. Nonetheless, the absence of a continuous bug bounty program is noted as an area for improvement.

  • Dependency and Governance: pufETH depends on external systems such as EigenLayer for restaking and Base L2 for more cost-effective reward withdrawals for its validators. It utilizes a detailed, multisig-based access control framework. A review of multisig threshold configurations is advised to enhance system resilience further.

Our review concludes that pufETH is technically well-constructed and has robust dependency integration and governance practices. Addressing the few identified issues—such as liquidity management, the implementation of a continuous bug bounty program, and adjustments to multisig configurations—would further support the long-term performance and resiliency of the protocol.

1. Asset Fundamentals

1.1 pufETH Overview

Puffer Protocol is a native liquid restaking protocol (nLRP) built on EigenLayer. The native part indicates that Puffer manages the staking of the ETH deposited through permissionless validators. As a repricing token, the price of pufETH gradually increases against ETH over time. Users can deposit ETH, stETH, and wstETH to receive pufETH. The yield for pufETH comes from PoS rewards, restaking rewards from EigenLayer, and point programs.

There are two ways to redeem pufETH for ETH. The first one allows for an instant ETH redemption for a 1% fee (configured by the DAO and distributed to all pufETH holders); however, this option is only available as long as the PufferVault has enough ETH liquidity. The second method is a fee-free two-step withdrawal process that takes a minimum of 14 days due to the EigenLayer withdrawal delay and the Ethereum consensus exit queue.

1.2 System Architecture

The Puffer protocol architecture revolves around enabling independent Node Operators (NoOps) to run validators on behalf of Puffer permissionlessly, alongside facilitating restaking with an EigenLayer integration that supports permissioned node operators.

Source: Puffer Protocol Architecture. Puffer Docs

Puffer uses permissionless node operators to natively stake deposited ETH. The innovative system incentivizes and rewards NoOps for their contributions. To run a validator, NoOps must provide either 1 or 2 ETH (more on that later) and a minimum of 28 VTs (Validator Tickets). Validator Tickets are minted by Puffer and sold to NoOps, granting them the right to operate a validator for one day. Launching a new validator requires at least 28 VTs—corresponding to one month of operation. Afterward, the NoOp must top up its balance and maintain a minimum of 7 VTs per validator to avoid having the validator removed from the Ethereum consensus by Puffer.

Ticket Pricing
The VT pricing mechanism is essential to the protocol's proper operation. The price of VTs is equal to the mean expected reward per validator on Ethereum, reduced by a discount factor (currently 10%). Effectively, NoOps must prepay 90% of the mean expected reward per validator daily while retaining the remaining 10%.

During phase 1, the mean reward per validator is posted on-chain by the Guardians through the ValidatorTicketPricer contract. It is updated every 12 hours or whenever a 10% MEV reward deviation or a 5% consensus reward deviation is observed.

Source: Puffer documentation

Considering a 3% staking yield and a 10% discount, a 1-ETH bonded validator would yield a 9.6% APY. A 2-ETH bonded validator would yield a 4.8% APY—currently competitive compared to other ETH yield sources in DeFi. However, under different market conditions, the 10% discount might not provide a sufficiently high APY on the provided bond, which could discourage NoOps from participating.

NoOps must consistently maintain at least 4 VTs per validator for each day of operation. However, they should also be mindful of the opportunity cost of holding too many VTs simultaneously, as the cost is only recouped once the VTs are consumed. Maintaining a smaller VT balance may require more frequent on-chain transactions to acquire additional VTs when needed, leading to significant operational costs—particularly during high gas prices.

Additional Considerations on Validator Tickets (VTs)
The concept of VTs shifts some of the externalities of staking onto the NoOps. This includes bearing the risk of reward losses due to prolonged entry or exit queues and suboptimal staking performance. If the entry-exit queue is excessively long, NoOps may be discouraged from launching new validators—even if there is high market demand for pufETH—which could hinder the protocol's growth.

Additionally, difficulties for pufETH holders in converting pufETH back to ETH can weaken the pufETH/ETH peg, especially during periods of market turmoil. Peg deviations pose risks for borrowers on lending platforms, particularly those leveraging pufETH by borrowing ETH with a high loan-to-value (LTV) ratio. Such risks could discourage or even prevent use cases that typically boost the demand for liquid staking tokens (LSTs) or liquid restaking tokens (LRTs).

TEE Innovation
Thanks to a grant from the Ethereum Foundation, the Puffer protocol has developed an innovative method of leveraging TEE (Trusted Execution Environment) hardware components from node operators to enhance the protocol's security. A TEE is a secure hardware component in which code execution remains confidential, and its integrity is maintained—meaning that even a malicious operating system cannot tamper with a TEE once it has been initialized with code. Currently, Puffer supports only Intel SGX (which represents the majority of TEEs in consumer hardware) to establish a secure environment for hosting validator keys, generating signatures, and proving to Puffer's smart contract that a node operator is utilizing a TEE for running validators.

By default, consensus clients manage validator keys independently. However, remote signing is employed for enhanced security. Puffer uses this feature to execute validator signatures within the TEE, along with additional verifications on the payload to be signed, thereby protecting against certain slashing scenarios. Nonetheless, operating a TEE remains a trust-based process, as no NoOp is guaranteed to run one. To address this, Puffer has developed a mechanism called RAVe (Remote Attestation Verification), which allows a NoOp to prove to a smart contract—via a trustless method—that they are running a TEE with a specific code and data. By opting into this process, a NoOp can reduce their bond requirement from 2 ETH to 1 ETH, doubling their yield per bond.

1.3 Oracle Integration

1.3.1 Guardians

An important aspect of the protocol is the decentralized federation of Guardians, community members affiliated with Puffer who run off-chain services essential for the continuous operation of the protocol. As is the case for all liquid staking tokens (LSTs) and liquid restaking tokens (LRTs), these off-chain services currently handle functions that will eventually be migrated on-chain—thanks to network upgrades like EIP-7002, EIP-4788, and EIP-2537. Guardians are responsible for ejecting validators from the consensus layer, reimbursing their bonds if needed, verifying validator deposits, and provisioning validators when they meet the specified criteria.

They are also tasked with reporting the balance of ETH locked into validators on the beacon chain. Because this reported balance incorporates any slashing on the Ethereum consensus, the pufETH/ETH exchange rate appropriately reflects such events. The PufferVault contract uses the reported balance for its exchange rate computations. Maintaining accurate and prompt on-chain updates is critical; if the balance is not updated quickly following a slashing event, it could trigger a bank run where early users withdraw and sell before others.

The system is designed with 8 Guardians, and any action requires approvals from at least 7. This high threshold underscores the critical role of the Guardians. If more than one Guardian fails to operate as expected—whether due to network disruption or malicious intent—key protocol functions such as processing withdrawals, managing validator status, or distributing rewards may be compromised. Moreover, a Guardian's private key leak could enable unauthorized on-chain actions, further threatening protocol security.

Typically, federated oracles like the Guardians operate on-chain using externally owned accounts (EOAs), adding transparency and accountability. These measures ensure the protocol functions smoothly, even under adverse conditions.

1.3.2 Reward Merkle Tree

The rewards accrued by each NoOp are stored in a Merkle tree made publicly accessible on AWS S3. This approach ensures transparency and verifiability; however, it also introduces a risk: any disruption in AWS services or censorship of crypto-related activities could prevent NoOps from accessing their rewards.

1.4 Tokenomics

PUFFER is the governance token for all Puffer products and services. The total supply is capped at 1B. It also has a vote escrow governance mechanism (vePUFFER) that is used for voting and doesn't require users to specify a lockup duration. The voting power increases over time, rewarding long-term engagement, but resets upon withdrawal, incentivizing rigid lockups.

Source: PUFFER Distribution, Puffer docs.

Puffer has already distributed 85.5% of the 7.5% amount set aside for Season 1 of their airdrop, with the remaining tokens subject to a 6-month vesting period, which will conclude on April 14, 2025. Season 2 has also started, with a total of 5.5% of the supply allocated for this round.

1.4.1 Token Holder Concentration

Source: pufETH Top 100 Token Holders. Etherscan, March 17, 2025.

The top 5 holders of pufETH as of March 17, 2025, are:

The top 10 holders own 57.17% of the total supply. When considering the top 100 holders, this concentration increases to 92.14%.

2. Market Risk

2.1 Liquidity

Source: pufETH/ETH swap within 7.5% price impact, KyberSwap, March 17, 2025.

KyberSwap shows a user can swap up to 4365 pufETH ($8.65M) for USDT on Ethereum within a 7.5% price impact.

2.1.1 Liquidity Venue Concentration

Here are the top liquidity venues by TVL (as of March 17, 2025):

2.1.2 DEX LP Concentration

Although individual EOAs hold large liquidity positions in the available liquidity pools, the number of such providers compensates for this concentration. Here is the breakdown for the top 3 pufETH pools by TVL (as of March 17, 2025):

2.1.3 Exchanges

pufETH is exclusively traded on DEXs and is not currently listed on any centralized exchange despite being backed by Coinbase Ventures and YZi Labs (prev. Binance Labs).

2.2 Volatility

Source: pufETH Peg Monitor, IntoTheBlock, March 17, 2025.

pufETH has had issues maintaining its peg in the past, with a maximum depeg of -5.46% observed on August 5, 2024. Its peg has since improved, but it still sits at approximately 0.1%. Although this can be due to low liquidity, we believe this continuous depeg to be related to the difficulty of redeeming pufETH for ETH in the protocol, which is either possible instantly for a 1% fee or takes at least 14 days using a two-step process because of EigenLayer.

2.3 Growth

Source: Puffer LRT TVL and Inflows, IntoTheBlock, March 17, 2025.

A significant decline in the total supply of pufETH was observed after October 14, 2024, triggered by several key catalysts like Puffer Finance enabling withdrawals on pufETH, PUFFER token launch (end of airdrop season), and EigenLayer concluding its Season 2 Stakedrop and enabling transfers a couple of weeks prior in September 2024.

Once the airdrop season concluded, many airdrop farmers, including notable figures like Justin Sun, unstaked their pufETH, contributing to the decline in its TVL.

Source: LRT Market Share, Dune, March 17, 2025.

The pufETH market share of all LRTs restaking through EigenLayer currently represents 2% of the total addressable market. Puffer has had two ongoing campaigns with Season 2, but with incentives targeted at activities related to pufETH.

3. Technological Risk

3.1 Smart Contract Risk

3.1.1 Audits

All deployed smart contracts are verified on Etherscan. Puffer Finance has been audited multiple times by leading audit firms:

  • SlowMist (January 29, 2024): 1 medium-risk issue and 1 low-risk issue were found.

  • Quantstamp (February 14, 2024): 1 medium-risk issue and several low-risk issues were found.

  • Immunefi (March 7, 2024): time-limited audit competition of 2 weeks; 1 medium-risk issue and several low-risk issues were found.

  • Trail of Bits (March 25, 2024): 1 high-risk issue and 2 medium-risk issues were found.

  • Nethermind (April 16, 2024): 1 high-risk issue and 2 medium-risk issues were found.

  • Creed (May 1, 2024): 1 critical-risk issue and 2 high-risk issues were found.

  • BlockSec (April 23, 2024): 1 high-risk issue and 2 medium-risk issues were found.

  • BlockSec (September 24, 2024): 1 medium-risk issue and 2 low-risk issues.

  • BlockSec (November 27th, 2024): 1 low-risk issue and several recommendations.

  • SlowMist (January 31st, 2025): Audit of the CARROT point system.

The puffer-contracts GitHub repository was migrated on June 5, 2024. Since then, a total of 155 commits have been made. We compared the first and last commits, and found that multiple audits covered subsequent changes since then. Although we could confirm that the latest deployed contracts have been audited, we couldn't independently link an audited commit hash to the onchain deployment.

A decent number of audits are present, and at least one audit covers all smart contract changes. A limited number of issues were found in each audit report, and the severity of findings is trending downward, with the last audit related to the core contracts by BlockSec on November 27, 2024, only revealing 1 low-risk issue and a few recommendations.

3.1.2 Software Development Practices

The smart contracts are covered by both unit and integration tests, increasing confidence in the protocol's security and ensuring continuous functionality. Although pull requests (PRs) are used for large changes, their use is not mandatory—some minor commits are pushed directly to the main branch. Releases are tagged in version control, yet no naming convention exists for either PRs or commits. While PRs are reviewed by a different team member, their approval is not required to merge changes, and only some commits are verified using PGP key signing. This approach creates potential risks; for instance, merging or pushing commits without thorough verification and approval can serve as an attack vector. A malicious team member, or one whose credentials or machine has been compromised, could introduce harmful changes that might remain undetected until deployment. Moreover, the lack of a consistent naming convention complicates tracking changes and mapping them to specific tasks, particularly when it becomes necessary to cherry-pick commits for inclusion in future releases.

3.2 Bug Bounty Program

Puffer Finance does not currently have an active bug bounty program. Previously, the protocol collaborated with Immunefi to launch Puffer Boost, an audited competition that ran from February 22 to March 7, 2024. The program offered a $50,000 guaranteed reward pool along with an additional $200,000 for critical vulnerabilities, and it identified 14 valid vulnerabilities (categorized as medium or low severity). The full scope of the program can be found here.

The absence of a continuous bug bounty program exposes the protocol to risks: hackers and security researchers might be tempted to exploit any vulnerability by attacking the protocol directly or selling the vulnerabilities to third parties. To mitigate this risk, it is recommended that Puffer Finance establish a continuous bug bounty program covering its entire smart contract architecture in addition to its frontend and off-chain components (such as rave, secure-signer, and Guardian). A bounty set at a level corresponding to 10% of the TVL or $1 million should be sufficient to deter malicious behavior while remaining affordable.

Moreover, adopting a reputable bug bounty platform like Immunefi and clearly defining the scope of what is in or out of bounds will enhance the overall security posture of the protocol. For added transparency and auditability, we suggest making the Guardians' code open source and integrating it into the bug bounty program, as it is currently not publicly available on Puffer Finance's GitHub.

3.3 Dependency Risk

3.3.1 EigenLayer

Puffer integrates with EigenLayer to restake its assets. Although not activated yet, restaked assets may be slashed if ReOps fail to perform as expected by the corresponding AVS, each with its own requirements and slashing conditions. Slashing mechanisms can take a large sum from the ReOp balance or apply a small, continuous penalty. Moreover, a 14-day withdrawal delay applies to all restaked assets, in addition to any exit queue imposed by the Ethereum consensus layer. For instance, if execution rewards (such as MEV rewards and transaction tips) are sent directly to the NoOp's wallet, any consensus rewards must be claimed from the EigenPod with a delay.

This risk-free validation of large AVSs has traditionally encouraged LRT protocols to aggregate many AVS validations. However, once slashing mechanisms become active, such a practice could result in excessive exposure to slashing risks, particularly if some AVSs have requirements and conditions that outweigh their benefits. Similarly, the 14-day minimum before assets can be withdrawn represents a significant drawback for pufETH holders by introducing opportunity costs and increased market exposure. In practice, users might opt to sell their pufETH on the secondary market if the exchange rate is not more favorable than the yield they would otherwise earn in 14 days. This scenario is especially likely if users require rapid access to their underlying assets during potential liquidation or significant market opportunities.

Given these risks, Puffer must exercise heightened vigilance when activating EigenLayer's slashing features. This entails carefully reviewing the AVSs selected for validation, which may demand more human oversight and specialized talent than anticipated. To mitigate the negative externalities associated with extended withdrawal delays, a possible strategy would be to restake only 90% of the deposited asset while prioritizing the expedited exit of validators managing the remaining 10%. Such an approach would shorten the two-step withdrawal requests to align with the typically shorter exit queue of the Ethereum consensus layer, thereby minimizing the impact on the pufETH yield.

3.3.2 Base L2

NoOps must interact continuously with Ethereum to withdraw their staking rewards and buy VT tokens needed for validator operations. Due to the high cost of these actions on L1, Puffer has shifted reward withdrawals to Base L2, where transaction fees are much lower, while VT purchases continue to occur on L1 with higher gas costs. However, Base remains at stage 0 in the L2beat classification because it allows for instant upgrades of its contracts. Moreover, Base is owned by Coinbase—a US-regulated entity subject to American regulations—which could, in the future, negatively impact Puffer NoOps by potentially restricting their ability to withdraw rewards from the protocol.

To mitigate these risks, it is recommended that NoOps maintain the ability to withdraw their rewards directly on L1, even if that route is more expensive. Additionally, the protocol could implement a mechanism to batch reward distributions into a single call that anyone could execute, with the protocol covering the transaction fees via gasless transactions. This approach would reduce dependency on Base for reward withdrawals and help safeguard against regulatory or technical issues impacting NoOps.

4. Counterparty Risk

4.1 Governance

PUFFER is the governance token of Puffer Finance. Holders can stake their PUFFER tokens for vePUFFER and gain voting rights. The staking of PUFFER for vePUFFER gives continuous voting power to its holder. Redeeming vePUFFER for PUFFER takes at least one month because an exit queue prevents certain governance attacks.

Source: Puffer DAO Governance Model, Puffer Docs.

A minimum five-day discussion period allows community members to study the proposal on the Puffer Governance Forum. After the discussion period, the Puffer Governance Review Committee evaluates and finalizes the proposals for voting, which takes at least 2 days. The voting lasts seven days and occurs every Thursday at midnight UTC. A simple majority decides the quorum. A minimum warmup period of 3 days is required for vePUFFER to become active for a vote. Voting is exclusive to vePUFFER holders and is conducted through the vote.puffer.fi platform.

The Puffer protocol's access control system is managed by the AccessManager contract, which governs roles, their assignments, and the functions accessible under each role. This comprehensive system relies on several controlling wallets: the Pauser Multisig (a 1/12 Safe multisig used for pausing parts of the protocol), the Operations Multisig (a 3/6 Safe multisig responsible for day-to-day protocol operations), the Community Multisig (a 3/8 Safe multisig that can quickly act to censor pending operations if needed), and a Timelock that enforces a 7-day delay on sensitive changes. These wallets control a range of essential protocol contracts, including the ERC20 token pufETH, the PufferVault for managing assets and allocating them to NoOps for staking, the PufferDepositor that facilitates asset swaps into ETH, the PufferOracle which establishes fair market rates between pufETH and ETH, and other contracts such as the EnclaveVerifier, GuardianModule, and PufferProtocol. The role assignments within this ACL have been carefully defined—for example, the Timelock holds the Admin role. In contrast, withdrawal finalization and revenue deposit roles are entrusted to the PufferDepositor and Operations Multisig, among other specialized assignments like the Puffer Vault Withdrawer and pufETH Burner roles. An exhaustive list of all roles, their assignments, and authorized function selectors is available in the deployments-and-ACL repository.

This flexible access control mechanism equips the protocol with granular control over its operations, yet its security depends entirely on the accuracy and integrity of the on-chain ACL configuration. Balancing this flexibility with maintainability is crucial, as an overly complex role structure can become difficult to manage. The design of the Pauser Multisig introduces a vulnerability: any signer on this 1/12 multisig could potentially remove all other signers and unilaterally prevent the pausing of protocol operations. To mitigate these risks, it is advisable to streamline the proliferation of roles and assignments and to replace the current pauser model with a setup where only the Operations Multisig and the Community Multisig are empowered to unpause the system and manage pauser role assignments.
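The threshold trade-off discussed here and in section 1.3.1 (the 7-of-8 Guardians) can be put side by side for every quorum named in this report. The following is an added example, not code from Puffer or from the original assessment; the names `Quorum`, `p_stalled` and `p_controlled` are hypothetical, and the per-signer probabilities and their independence are assumptions chosen only to make the comparison concrete.

```python
"""Added example: availability vs. takeover exposure of m-of-n quorums."""
from dataclasses import dataclass
from math import comb


@dataclass(frozen=True)
class Quorum:
    name: str
    threshold: int  # m: signatures required to act
    signers: int    # n: total signers

    @property
    def offline_tolerated(self) -> int:
        """Signers that can be unreachable while the quorum can still act."""
        return self.signers - self.threshold

    @property
    def keys_for_control(self) -> int:
        """Keys an attacker needs to act as the quorum. Per the report, this
        includes changing the signer set itself (the 1/12 Pauser concern)."""
        return self.threshold


# Thresholds as stated in the report (sections 1.3.1 and 4.1).
QUORUMS = [
    Quorum("Guardians", 7, 8),
    Quorum("Pauser Multisig", 1, 12),
    Quorum("Operations Multisig", 3, 6),
    Quorum("Community Multisig", 3, 8),
]

# ASSUMED illustrative values, not measurements: each signer is independently
# offline or compromised with these probabilities over some review window.
P_OFFLINE = 0.02
P_COMPROMISED = 0.01


def prob_at_least(k: int, n: int, p: float) -> float:
    """P[X >= k] for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def p_stalled(q: Quorum, p_offline: float = P_OFFLINE) -> float:
    """Probability that too many signers are offline to reach the threshold."""
    return prob_at_least(q.offline_tolerated + 1, q.signers, p_offline)


def p_controlled(q: Quorum, p_compromised: float = P_COMPROMISED) -> float:
    """Probability that at least `threshold` keys are compromised at once."""
    return prob_at_least(q.keys_for_control, q.signers, p_compromised)


def assess(quorums=QUORUMS):
    """Rows of (name, offline tolerated, keys for control, P stalled, P controlled)."""
    return [
        (q.name, q.offline_tolerated, q.keys_for_control,
         p_stalled(q), p_controlled(q))
        for q in quorums
    ]


if __name__ == "__main__":
    print(f"{'quorum':<22}{'offline ok':>11}{'keys':>6}"
          f"{'P(stalled)':>13}{'P(controlled)':>15}")
    for name, tol, keys, stalled, controlled in assess():
        print(f"{name:<22}{tol:>11}{keys:>6}{stalled:>13.2e}{controlled:>15.2e}")
```

Under these assumed inputs the 7-of-8 Guardians are the quorum most likely to stall, while the 1-of-12 Pauser is the one most exposed to a single-key takeover; changing the two probabilities shifts the magnitudes but not that ordering.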

4.2 Regulatory Risk

Puffer's Terms of Service describe the platform and technologies operated by a Cayman Islands foundation company that provides a website (Puffer.fi) and related functionalities. The Services themselves largely revolve around offering information, online tools, and technologies that connect to public blockchains without guaranteeing the execution or settlement of trades. In essence, Puffer makes a technological gateway available for users to explore decentralized networks but does not assume any role akin to a broker or fiduciary. If someone disagrees with the Terms, they must discontinue using the platform.

Within the Terms, there is a strict emphasis on lawful use. Puffer prohibits any conduct that disrupts, damages, or otherwise interferes with the Services or other users' experiences. This includes bans on hacking attempts, probes of system vulnerabilities, or usage that breaches laws, regulations, or third-party rights. Users are similarly warned against any behavior that could expose Puffer or its user community to legal or security risks. Puffer reserves broad powers to restrict or terminate access in the event of misuse.

The Terms also contain comprehensive disclaimers, clarifying that the Services are provided "as is" and "as available." Users are reminded that reliance on any information presented is at their own risk and that Puffer cannot guarantee continuous, uninterrupted, or error-free access. Any content from third-party sources on the platform remains the responsibility of the original contributor, and Puffer explicitly disclaims liability for errors, inaccuracies, or harm that might arise from such content. There is no promise of reliability, safety, or fitness for any specific purpose, highlighting that users should exercise independent judgment when using or relying upon the Services.

Moreover, users should be aware that Puffer's liability is significantly limited. The company expressly excludes liability for indirect, incidental, or consequential damages (like lost profits or data), and it imposes a cap of one hundred dollars for any claims related to the use of its Services.

Finally, the Terms set forth a dispute resolution framework built around binding arbitration. Instead of going before a judge or jury, most disputes must be settled individually by arbitration, conducted under JAMS rules, with a short window for users to opt-out. This ensures that users know they are giving up their right to a trial by jury and any opportunity to participate in class or collective actions against Puffer. The Terms allow small claims court in certain instances and maintain an avenue to seek injunctions or protective orders in intellectual property matters. Users who wish to sidestep arbitration must do so within thirty days of their first use of the Services, thereby preserving the right to litigate in court for that limited period if they so choose.