Apr 20, 2024
Useful Links
Website: mantle.xyz/meth
Documentation: gitbook.io
Social: twitter.com/0xMantle
Contracts: docs.mantle.xyz/meth
Markets: ByBit (mETH/ETH, mETH/USDT) | Agni Finance (mETH/WETH) | FusionX V3 (mETH/ETH) | Butter.xyz (mETH/WETH)
Dashboards: meth.mantle.xyz/stats | Mantle Treasury
Introduction
This report is conducted by the Prisma independent risk and research team operated by Llama Risk as part of a series on LSD collateral risk assessments. In this report, we examine Mantle's mETH.
This report will comprehensively cover all relevant risk factors of Mantle's mETH for collateral onboarding. Our approach involves both quantitative and qualitative analysis to help determine whether the collateral can be safely onboarded and to what extent there should be restrictions on the Protocol's exposure to the collateral.
As Prisma will be onboarding a variety of LSDs as collateral, our review involves comparative analysis to determine suitability as collateral. Risks are categorized into:
Market Risk - risks related to market liquidity and volatility
Technology Risk - risks related to smart contracts, dependencies, and Oracle price feeds
Counterparty Risk - risks related to governance, centralization vectors, and legal/regulatory considerations
These risk categories will be summarized in the final section of this report and are meant to assist tokenholders in their determination around mETH onboarding and setting suitable parameters.
Section 1: Protocol Fundamentals
This section addresses the fundamentals of the proposed collateral. It is essential to convey (1) the value proposition of mETH, and (2) the overall architecture of the Protocol. This section contains descriptive elements that cannot be quantified and act as an explanatory introduction to the collateral.
This section is divided into two sub-sections:
1.1: Description of the Protocol
1.2: System Architecture
1.1 Description of the Protocol
Mantle is a DAO that develops and administrates several products on Ethereum related to DeFi and network infrastructure. Initially an L2 rollup built on Ethereum, it gradually developed a complete ecosystem, all of that in a completely decentralized way thanks to the contribution of its DAO members. The 19th of May 2023, the BitDAO community voted in favor of BIP-21, a proposal to merge Mantle and BitDAO, which was the largest DAO by treasury size at the time. To enact this merger, the BIT token was made convertible for MNT tokens, a new token for the resulting unified ecosystem, and three products were inherited by the new platform: the Mantle network, the Mantle treasury, and the Mantle governance.
Mantle LSP is a new product that was first proposed to the Mantle community in July 2023 on their forum. In August 2023, a governance proposal was accepted to allow the staking of treasury ETH into Mantle mETH, which would bootstrap the Mantle LSP with 40,000 ETH right away. In October 2023, a first permissioned alpha was launched with a 1,000 mETH cap. This cap was then gradually increased to 600,000 mETH until the launch of "Mainnet v1" in December 2023.
Mantle LSP aims at being a simple yet powerful and secure liquid staking solution, administered through best in class decentralization practices through its DAO. Tightly integrated within Mantle's ecosystem, especially when it comes to its governance, Mantle LSP is yet another option for liquid stakers with its own set of strenghs and weaknesses. In this report, we will provide a complete risk analysis of this protocol and of the mechanisms with which it integrates with the Mantle DAO.
1.1.1 Underlying Collateral
Like most liquid staking tokens, mETH is a yield-bearing asset with a soft peg to ETH that is backed by staked ETH. Only two operations are available for users: they can deposit ETH into Mantle's contracts in exchange for mETH, a receipt token, or later redeem this same mETH in exchange for an amount of ETH corresponding to the ETH principal plus any staking rewards accumulated during the liquid staking token holding period.
Deposited ETH is automatically allocated to a set of professional node operators working on behalf of Mantle. The allocation is triggered by offchain services operating with limited permissions that are enforced by the smart contracts for security. The flow of capital is strictly unidirectional; user deposits to the staking contract are allocated to validators operated by node operators. Upon withdrawal, ETH is sent back to the staking contract where users can get back their ETH principal plus staking rewards.
It is important to note that node operators are not required to provide a bond nor have to sign a contract to operate on behalf of Mantle. The enforceability of contractual obligations is an unexplored matter since Mantle has not publicly designated an entity to liaise with node operators. Consequently, the relation between Mantle and the node operators can be considered as being solely based on trust, and the only incentive for node operators to behave is the risk for them to lose their reputation. Throughout our communications, the Mantle team has remained oddly secretive regarding its relationship with node operators.
1.1.2 Yield Accrual Mechanism
mETH accrues yield through an increasing exchange rate for ETH, thanks to accumulated rewards from Mantle's validators. At all times, the total supply of mETH is always equal to the total amount of ETH principal deposited into the Mantle staking protocol. It does not use the rebase token pattern, where one's balance of mETH would automatically increase at fixed intervals. Instead, a ReferenceRate
distributes yield through rate updates based on the total controlled ETH within the system divided by the total mETH supply:
A notable innovation brought by Mantle is a mechanism used to mitigate what is called Unstake Griefing. Because of the beacon chain entry and exit queue, staked ETH can spend anywhere between zero to several months without earning rewards. Since mETH exchange rate is a direct function of the amount of ETH into the system, a large amount of ETH in the entry or exit queue could negatively impact the exchange rate of mETH. One could even exploit the mETH exchange rate by timing their deposits and withdrawals to maximize the amount of staked ETH in the entry and exit queue.
To mitigate Unstake Griefing, Mantle adds a discount to the exchange rate when users unstake their ETH: it is equal to the reward loss induced by the time spent in both the entry and exit queue. Therefore, one would pay a penalty that is proportional to the sum of both queue lengths, hence incentivizing users to wait until they reduce in size. The loss due to the entry and exit queues is therefore that of specific unstaking requests instead of being socialized across all stakers. The exchange adjustment rate is a parameter of the staking contract that can only be updated by the STAKING_MANAGER_ROLE
assigned to the Mantle Security Council wallet, a 6/13 multisig address.
1.1.3 Provider Fee
Mantle levies a 10% fee on all staking rewards. Node operators are paid, in part, using this 10% fee. Any remaining revenue after payment to node operators accrues to the Mantle treasury, and therefore to all MNT token holders. This fee is set into the Return Aggregator smart contract and can be updated by the AGGREGATOR_MANAGER_ROLE
, which is subject to a medium security risk rating, and that is assigned to the Mantle Security Council wallet, a 6/13 multisig.
The staking exchange rate is given by the following formula:
The withdrawal exchange rate is given by the following formula:
1.1.4 Node Operator Set
Mantle delegates the responsibility of running validators to 4 professional node operators:
Blockdaemon, 0.99% of total stake.
P2P, 2.67% of total stake.
A41, 1.11% of total stake.
StakeFish, 2.11% of total stake.
The allocation of deposited ETH to node operators and the exit of validators is done through offchain services operated by Mantle; those tasks are respectively done by the Allocator service and the Initiator service. Those services expose HTTP endpoints that return the information needed to start and exit validators.
1.1.5 Validator Selection
Professional node operators are selected based on several factors including the fee they charge on the validator's staking rewards and their track record and reliability as node operators.
It is important to note that node operators are in charge of the validator keys, and are expected to set the correct withdrawal address when a validator is created. However, before funding a validator, the Initiator offchain service will validate the validator information provided by the node operators against the information available onchain to make sure that no attempt is made to steal funds.
Once set, the withdrawal cannot be changed. In essence, the only way a node operator could steal funds from an active validator is by changing the fee recipient for execution and MEV rewards. This is easily mitigated by having the Guardian offchain service monitor the validators at all times to detect such attempt.
1.1.6 Validator Collateralization
Validators are not collateralized, meaning that the professional node operators have no direct economic incentives to operate as expected. They only have their reputation to protect, the loss of which could result in reduced future opportunities and revenues.
It is interesting to note that the staking contract has a topUp function that only the TOP_UP_ROLE
can call and send ETH to. Although not clearly acknowledged, the documentation hints at a situation where, if the total ETH principal backing mETH were to be lower than expected, Mantle could step-in and make mETH holders whole again. Scenarios where the ETH principal amount could become lower than expected includes slashing events and security breach of the contracts resulting in loss of funds, for instance. Most likely, the decision to topUp
the ETH balance would have to go through governance voting, and the funds would come from the Mantle treasury.
1.1.7 Governance Model
All Mantle products, including Mantle LSP, undergo a DAO Governance process. The Mantle DAO is made up of MNT token holders who can propose and vote for protocol changes. Voting is handled by Snapshot (an offchain process) and executed onchain by the Mantle team. The Governance model is transparent, with an extensive documentation available here.
Governance Process
The typical governance proposal process is as follow:
A governance proposal is made on the Mantle forum. MIPs (Mantle Improvement Proposal) are debated and improved upon by the community.
Once sufficient support from the community is gathered, the MIP is submitted to a vote through the Governance Module. This Governance Module is currently the snapshot.org offchain voting system. The voting strategy is linear, with a minimum proposal threshold of 200,000 MNT tokens, and a quorum threshold of 100,000,000 MNT tokens for a positive vote to be accepted. The minimum voting duration is 7 days.
If accepted, an MIP is executed by the Mantle Core Team. Although changes could be deployed onchain in a trustless way, most changes are currently being deployed offchain by the Mantle Core Team, hence requiring a certain level of trust from the community.
The Mantle Governance system was effectively born from the merger between BitDAO and Mantle through the ratification of BIP-21. Conversion of BIT tokens for MNT tokens on a 1-1 basis was then enacted by MIP-22. It is important to note that the Mantle Governance and its underlying DAO are fully flexible and upgradable, and that MNT token holders can vote to change any aspect of the Mantle Governance process, as well as any Mantle product under its control.
Tokenomics
On the 7th July 2023, the initial distribution of the MNT tokens was such that 51% of the MNT tokens were circulating, while 49% were held within the treasury. As of today (17th of March 2024), we count a total of 6,219,316,795 MNT tokens; of those, we estimate that at least 2,866,781,565 (46%) are still held within Mantle's treasury and various wallets. This initial distribution is not subject to any vesting period.
Source: Mantle governance documentation
The MNT token is both a governance token and a utility token. Currently, the unique utility of the token is to serve as a gas token on the Mantle Network, the L2 chain that preceded the creation of mETH. MNT tokens that are currently being held within the treasury are expected to be used for the following applications:
User incentives to drive Mantle product adoption and synergies.
Technology partner incentives to foster collaboration with third-parties.
Compensation for the Mantle core team and advisers who contribute to the success of the project.
The current allocation of assets and the various treasury strategies can be monitored using the Mantle Treasury dashboard.
1.2 System Architecture Diagram
1.2.1 Network Architecture Overview
The Mantle LSD has a simple objective: allow users to stake their ETH in exchange for a receipt token, mETH, and then to later redeem their principal ETH plus staking rewards by burning this token. The architecture reflects this simple goal by being concise and straightforward, utilizing both on and offchain components.
Users can deposit any amount of ETH into the Mantle staking contract. Once multiples of 32 ETH are accumulated into the staking contract, offchain services will request node operators to create new validators and fund them. Withdrawal requests are served using ETH deposits from new stakers in priority and, if not sufficient, offchain services will exit validators to fulfill them.
The Oracle involves an offchain and onchain component. Oracles clients transmit consensus layer data to execution layer contracts, including the amount of ETH in validators, number of validators with ETH, number of validators deposited and withdrawn, and rewards and principals received. The OracleQuorumManager ensures consensus of the oracles and the Oracle contract receives and validates the oracle data with sanity checks.
The Allocator offchain service moves ETH around the different smart contracts depending on deposit and withdrawal requests, and can request node operators to exit validators if needed. The Initiator offchain service is responsible for monitoring deposits and will create new validators by interacting with node operators if needed.
Consensus layer rewards and execution rewards are respectively received by two different smart contracts. A ReturnsAggregator smart contract then concentrates the rewards and split them into user rewards (90%) and service fee (10%). The user rewards are sent to the staking contract and can be either withdrawn by users or be compounded by funding new validators. According to the Mantle documentation, half of the service fee (5% of the total rewards) is used to pay professional node operators, while the remaining 5% accrues to the Mantle Treasury.
The simplicity of this architecture is by design: according to the Mantle documentation, it is easier to secure a smaller amount of code. It is indeed common engineering wisdom to create simple components and later combine them in more complex ways rather than try to build something complex from the ground up.
1.2.2 Architecture Diagram
Below is a simplified representation of the different functional parts behind mETH.
Source: Mantle documentation
1.2.3 Key Components
Staking contract
The main contract of the protocol, and the only one with which users ever have to interact. It supports staking (deposits) and withdrawal requests from users (burning of mETH tokens), and also keeps track of the total amount of ETH deposited and accrued rewards.
Offchain services
A total of 4 offchain services are enabling the mETH architecture: the TVL consensus Oracle, the Initiator, the Allocator, and the Guardian. Of those, only the Guardian has a passive role and is not required for the mETH system to operate nominally, since its task is to pause the system if an unexpected state is detected. For more details about those offchain services, please refer to section 4.2.1 Dependencies.
Return aggregator
Receives all staking rewards from the execution and consensus layer, as well as the staking principal of a validator (32 ETH) in case of validator exits. Uses the Oracle to split the rewards between users and the protocol.
Section 2: Performance Analysis
This section evaluates mETH from a quantitative perspective. It analyzes token usage and competitive metrics and addresses any subsidized economic activity.
This section is divided into three sub-sections:
2.1: Usage Metrics
2.2: Competitive Analysis Metrics
2.3: Subsidization of Economic Activity
2.1 Usage Metrics
2.1.1 Total Value Locked (TVL)
The total supply is currently limited by the protocol to 600,000 mETH. DefiLlama tracks ETH TVL in Mantle mETH over time:
The chart provided below displays the Total Value Locked (TVL) for the Mantle ETH Staking protocol over the past 90 days denominated in USD.
Source: Defi Llama
This early surge in TVL aligns with the strategic distribution of mETH and the incentivization offered by the additional yields from the Mantle treasury. The TVL stabilization, despite a decrease in the broader crypto market, suggests a sustained confidence in the protocol, likely influenced by Mantle LSP’s performance and its competitive yield offerings compared to other ETH staking protocols.
2.1.2 Transaction Volume
Transaction volume shows onchain transfer value of mETH over the observed time period.
Source: Bitquery
Transfer count shows the onchain daily transfers of mETH based on onchain data over the observed time period.
Source: Bitquery
2.1.3 DEX Volume
DEX volume shows the aggregate daily trade volume across all onchain venues over the observed time period.
Source: Bitquery
2.1.4 Average Transaction Size
The average transaction size shows the daily average transfer size based on onchain data over the observed time period.
Source: Bitquery
2.1.5 Trading Volume to Market Capitalization Ratio
Trading volume to market cap ratio shows the global daily trade volume divided by the daily mETH market cap to normalize trade volume to the size of the market.
Source: Defi Llama and CoinGecko
2.1.6 Active Addresses/Users
Active addresses shows daily unique addresses that initiate a mETH transaction.
Source: Dune
Daily active addresses seems to be correlated with overall market activity, which is to be expected.
2.1.7 User Growth
We measure user growth by observing daily unique addresses that are holders of mETH.
Source: Dune
Users reached a peak of ~3500 unique holders at the end of January 2024, and then stabilized at around 3000.
2.2 Competitive Analysis Metrics
2.2.1 Market Share
As of April 5, mETH has reached a peak dominance of 3.98% in the overall LSD market. Its dominance quickly grew since inception in December 2023 and has stabilized in the 3.75%-4% range in recent months. This ranks it #4 in LSDs by TVL, following stETH, rETH, and WBETH.
Source: Defi Llama | Date: 3/22/2024
The chart below shows mETH's trend in market dominance over time.
Source: Defi Llama
2.2.2 Inflows Share
In the figure below, we compare the flows of 4 of the biggest LSDs by TVL against mETH (stETH, cbETH, rETH and WBETH). Notably, stETH appears in blue, and mETH appears in red. Since its inception, we can see that mETH had a comparatively high inflow — sometimes higher than the absolute volume of stETH — although not consistently higher than the average stETH inflow. This echoes the high growth rate of mETH, reaching almost 4% of the LSD market share over a 4 months period.
Source: DeFillama
2.2.3 Protocol Staking Yield
DeFillama indicates a mean APY of 6.84% since mETH inception. We can see that mETH started at around 4% — which is the expected yield for Ethereum staking — and then increased to around 7%. This is because of the "Double-Dose Drive" staking incentive that is funded by the Mantle Treasury.
Source: DeFillama
The Compass Staking Yield Reference Index Ethereum (STYETH Index) measures the annualized daily staking yield obtained when staking on the Ethereum blockchain. Against this benchmark, we can observe the relative performance of mETH staking yield over time.
Source: DefiLlama and Compassft
2.2.4 Slashing Rate
To the best of our knowledge, no validator operated on behalf of Mantle has been slashed.
2.3 Subsidization of Economic Activity
2.3.1 Existence of an Incentive Program
The mETH "Double-Dose drive" incentive is the principal way that Mantle uses to incentivize the use of mETH. We believe this incentive significantly contributed to the high growth rate of mETH over the last 4 months. Apart from that, Mantle LSP also indirectly benefits from two ecosystem wide incentive programs: the Mantle Grants Program and the Mantle EcoFund.
mETH Double-Dose drive The Mantle Double-dose drive initiative rewards early adopters of mETH by doubling the staking yield to reach an average yield of 6.84%. This is achieved by topping-up the balance of ETH in the mETH staking contract using the topUp function with funds from the Mantle treasury. Starting December 22 2023, it is expected to last a minimum of 2 months (end April 1th 2024).
Mantle grants program
The Mantle Grants Program aims at fostering the development of the Mantle ecosystem by allocating 25,000 MNT tokens to eligible projects that are "casual in nature". It is not centered uniquely on mETH and considers applications of various nature including but not limited to: social, art, prediction markets or on-chain games. Retrospective grant applications are accepted, and a minimum allocation of 10 grants per month is targeted. Applications can be made through an online form.
Mantle EcoFund
The Mantle EcoFund is a 200 million dollars capital pool that invests in technology partners and applications based on the Mantle ecosystem. Approved July 15th 2023 via the MIP-24 proposal, it targets projects with the potential to onboard 1000+ daily active users on Mantle Network and that foster synergies with other applications in the ecosystem. Applications can be made using an online form. A predefined set of target applications is provided, including but not limited to:
Sustainable Yield: ETH Staking-Sourced
Structured Product: Vault, ETF, Financial NFT
Lending: Liquidation and non-Liquidation types
DEX: AMM
Section 3: Market Risk
This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of mETH, and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions.
This section is divided into 2 sub-sections:
3.1: Volatility Analysis
3.2: Liquidity Analysis
3.1 Volatility Analysis
3.1.1 Liquid Staking Basis (LSB)
Liquid Staking Basis compares the mETH market price to the fair value of underlying ETH in the system. The fair value is characterized by an increase in the internal mETH rate oracle over time. The mETH internal exchange rate is queried from the mETH consensus oracle and the market price is provided by DexGuru (Uniswap v3 pool).
The chart below calculates the LSB at each timestep as:
Source: Etherscan and DexGuru
The absolute LSB shows the overall magnitude of the deviation without respect to positive or negative deviations.
Source: Etherscan and DexGuru
mETH has experienced increased deviation from its underlying ETH in the second half of March, which coincides with a few observations:
The Mantle "Double Dose Drive" expired on April 1, which had doubled yield to mETH holders for a 3 month period,
The ETH TVL in mETH plateaued in mid-March, with sizable withdrawals processed in early April,
A market reversal saw ETH retrace from its highs on March 13, and
The ETH staking validator queue began growing in mid-March to a 6-month high.
3.1.2 LSD Volatility
Over the course of the last 60 days, the volatility of daily returns has been contained within a relatively narrow range, oscillating between -5% and +5%. A significant downturn was observed in January 2024. Conversely, March 2024 has been characterized by two distinct spikes in value.
Source: DefiLlama
Standard Deviation (avg daily deviation) 3.31%
Annualized volatility 63.20%
3.1.3 Yield Volatility
Yield volatility shows the variation in staking yield over time. Volatility may impact the desirability of the LSD.
Source: Mantle documentation - mETH Stats
Standard Deviation (avg daily volatility) 29.48%
Annualized Volatility 563.20%
3.2 Liquidity Analysis
3.2.1 Supported DEXs and CEXs
mETH DEX venues on mainnet are exclusively on Uniswap V3. The wstETH/mETH pool has been inactive since ~14-Feb-2024, making the WETH/mETH UniV3 pool the sole mainnet DEX venue.
Source: Messari
The token is also supported on decentralized exchanges on Mantle network: Agni Finance (more than $3m in 24h volume), Merchant Moe, FusionX.
CEX availability is limited to Bybit with mETH/ETH and mETH/USDT trading pairs.
3.2.2 LSD Token Total On-chain Liquidity
mETH liquidity on Ethereum is concentrated on Uniswap, which earned the highest mETH liquidity score across its trading venues per Coinmarketcap rankings.
Uniswap V3 Token Liquidity on March 18: ~$15.6m TVL. This is not the TVL of the pool, rather it is a calculation of the available counterparty assets in the pool to find the value that can be swapped into.
Source: Dex.guru
By comparison, the Uniswap ETH/mETH had a TVL of ~$33.75m. The mETH/WETH Uniswap V3 liquidity pool has maintained a stable TVL ranging from $28.9m to $42.5m since its creation.
Source: Defi Llama
Over the past month, the average APY of the liquidity pool was 0.72%, with a range of 0.03% to 4.41%.
Source: Defi Llama
The token is also available natively on Mantle with a max supply of 102,920.587 mETH. The most liquid pools are:
Agni Finance METH/WETH
Merchant Moe METH/WETH
FusionX v3 METH/WETH
Note that, being an Optimistic Rollup, the withdrawal of funds from Mantle Network to Ethereum mainnet can take up to a week, inhibiting the availability of this liquidity for Ethereum-based applications.
3.2.3 Token Distribution
The following observations can be made regarding the mETH token distribution:
The top 25 holders concentrate 96.40% of the total supply of mETH.
35.7% of the supply is currently being restaked into EigenLayer.
20% of the supply is deposited on the Mantle Network L2.
The Mantle Treasury holds ~9% of the supply.
Source: Etherscan
3.2.4 Liquidity Utilization Rate
We observe the liquidity utilization of the UniV3 WETH/mETH pool, being the sole source of DEX liquidity. Liquidity utilization takes the daily pool volume divided by the daily pool TVL over the observed time period.
Source: Defi Llama and Bitquery
3.2.5 LSD Leverage Ratio
mETH is only onboarded as collateral on the Mantle Network (not Ethereum). It is accepted as collateral on the following lending protocols:
INIT Capital - 12,829.66 mETH deposited in total (close to the cap of 17,000 mETH) for estimated 7.26% APY.
Lendle - 80% Max LTV, low utilization rate (6.2%), 5.58K mETH supplied and 345.92 mETH borrowed.
Meth Lab - See for yourself.
Timeswap - USDT/mETH and WETH/mETH markets
Source: Timeswap
MYSO Finance - mETH/USDC and mETH/MINU markets
Source: MYSO Finance
Aurelius - CDP protocol with relatively low utilization rate, 65% max LTV, borrowed amounts are far less than provided liquidity.
Source: Aurelius
For holders of mETH, the avenues for generating yield primarily revolve around liquidity provision on DEXs and engagement with yield aggregators. Below are some of the key yield-generating venues observed for mETH:
Uniswap V3 (Ethereum): liquidity provision on WETH-METH (0.05%)
Circuit Protocol (Mantle): yield aggregator for mETH with $3.32m TVL on Lendle strategy and another $1.07m on Merchant Moe METH-WETH LP
Source: Circuit
Stratum Exchange (Mantle) - liquidity provision on METH-WETH (vAMM: volatile V2 pair 0.1%)
3.2.6 Slippage
On a slippage snapshot taken on April 8, a swap of ~1448 mETH ($5.5m) produced a slippage around 1%.
Source: Defi Llama - liquidity | Date: 4/8/2024
Section 4: Technological Risk
This section addresses the persistence of collateral properties from a technological perspective. It aims to convey (1) where technological risk arises that can change the fundamental properties of the collateral (e.g., unresolved audit issues) and (2) do any composability/dependency requirements present potential issues (e.g., is a reliable price feed oracle available?).
This section is divided into three sub-sections:
4.1: Smart Contract Risk
4.2: Product and Layer Composability
4.1 Smart Contract Risk
4.1.1 Protocol Audits
The Mantle mETH contracts were subjected to a total of 4 audits:
Hexens(Liquid%20Staking%20Protocol).pdf?alt=media) (2023-08-25): 22 findings including 3 high risks and 6 medium risks. No critical findings.
MixBytes (2023-10-30): 14 findings including 3 high risks and 4 medium risks. No critical findings.
Secure3 (2023-10-12): 4 findings including 1 high and 1 medium risk.
Verilog (2023-11-21): 3 findings, none deemed as high or medium risk.
The TVL consensus Oracle received 2 audits:
Hexens%20(Oracle).pdf?alt=media) (2023-10-02): 8 findings including 3 high risks and 4 low risks.
Secure3 (2023-10-13): 9 findings including 4 medium and 5 low.
The Mantle team either fixed important issues, or provided relevant justification for not considering the finding as a risk — something that often happened. This is indicative of both Mantle's engineering seriousness and commitment to a high quality codebase. In their interactions with auditors, the Mantle team often appeared to be proficient and proactive when it comes to the technical understanding of the system.
4.1.2 Concerning Audit Signs
Here are some notable high risk findings:
Front-running of the beacon chain deposit. Initially reported as part of the LiDo bug bounty program, this bug allows a malicious node operator to front-run beacon chain deposits by changing the withdrawal address. After the front-runned transaction goes through, they can exit the validator and steal the principal. Frax was also vulnerable to this threat. Mantle has opted to prevent such attack using the offchain Initiator service instead of onchain (to save gas).
Lack of checks on the exchange adjustment rate. Originally used to account for the time ETH spends in the entry and exit queues, this rate can be set to have extreme values by the STAKING_MANAGER_ROLE, such that users would get 0 mETH in exchange for their ETH. ETH could also be stolen by front-running deposit transactions. The fix was to bound this parameter in a range that is acceptable.
Invalid split between principal and rewards by the Oracle. This bug was found in the TVL consensus Oracle offchain service, and can cause a full validator's balance to be counted as reward only when a validator exits. This stems from the fact that a validator's balance is only updated at the end of an epoch — during this update the state of the validator will be moved to WithdrawalDone if the new balance is 0. The issue was mitigated by taking into account that a withdrawn validator can have the WithdrawalPossible state until the end of the epoch.
It must be noted that although the critical risk category exists within all auditor's risk frameworks, no critical risk was found by any auditor, except for one particular auditor for the reason that it lacked the intermediary high risk level.
4.1.3 Bug Bounty
A maximum bounty of 500,000$ is available on ImmuneFi since November 28 2023. Critical theats are rewarded with 10% of the funds at risk, with a minimum of 100,000$ to incentivize security researchers against withholding a critical bug report.
During this program, an issue impacting Lido contracts has been found to also impact Mantle mETH contracts. This medium severity threat can prevent users from withdrawing their funds by front-running their transactions.
4.1.4 Immutability
Pausing capability
All contracts can be paused thanks to the Pausing contract, which is called by other contracts before running state changing functions to check if the call should proceed or not. Multiple entities have the PAUSER_ROLE
, including the Oracle contract and the different offchain services.
Negative externalities are limited by several mechanisms:
Only the
UNPAUSER_ROLE
, assigned to the MantleSecurityCouncil and the MantleAdmin (see 5.1.2), may unpause contracts.Individual aspects of the protocol can be paused separately (AllocateETH, InitiateValidators, Staking, Unstaking, and SubmitOracleRecords), hence maintaining usability for users.
A malicious Guardian service may only pause contracts temporarily until his role is removed by the MantleSecurityCouncil.
Upgradability
All contracts use the TransparentUpgradableProxy from OpenZeppelin, a production tested implementation of the TransparentProxy pattern. Only the MantleSecurityCouncil wallet, a 6/13 multisig, can propose, execute or cancel smart contract upgrades.
Timelock
Smart contract upgrades are protected by a timelock that allows users time to exit the protocol before protocol updates are executed, or the Mantle team to cancel such upgrade if deemed malicious or not desired. This timelock is implemented using the TimelockController from OpenZeppelin and is located at address 0xc26016f1166bE7b6c5611AAB104122E0f6c2aCE2.
Although everything is in place for the timelock to work, the current delay is set to 0, meaning that an upgrade can be proposed and accepted in a single transaction. Allegedly, Mantle plans to activate the timelock by increasing this value once the protocol reaches maturity.
Off-chain Services
The code for the Initiator, the Allocator and the Guardian offchain services are not open-source. Although it is true that their capabilities are limited by the onchain permission system and the smart contract functions they can call, the Initiator must interact with node operators to request the creation of new validators and fund them, while the Allocator can request one or more validators to exit. Those are important responsibilities which warrant additional scrutiny. It also begs the question of the handling of validator keys, concerning whether they are solely held by node operators or additionally by Mantle. The Mantle team has declined to provide any technical details regarding those offchain services, how they interact with node operators, which information is shared with them, and how.
We consider this hidden aspect of the architecture a security issue because if the validator keys were to fall into the wrong hands, one could put user funds at risk. According to the documentation, the Mantle team decided to keep the code private for security reasons. Without more information, we must consider worst case scenarios, which include the following:
An attacker could impersonate Mantle in its interaction with the node operators and either request the creation of new validators or exit existing ones.
The validator keys could leak and be used to validate in parallel of existing validators. This could lead to the slashing of all validators that are supporting the value of mETH. Depending on the state of the consensus layer, this could lead a loss of fund between 3.125% in the best case and 100% because of correlated slashing conditions.
4.1.5 Developer Activity
The code for Mantle's LSD contracts is open sourced on GitHub. Both the smart contract code and the Oracle offchain service code are made available. The contract repository has a total of 5 contributors, and a total of 19 commits since the 6th of October 2023. The last commit dates from the 27th of December 2023. Although this can be considered as a low level of activity, it is important to note that the mETH contracts are particularly simple and concise, which allows to reach a high level of maturity with minimal efforts from the engineering team.
Source: Github
The repository contains no issues but a total of 10 closed PRs (pull request). The use of PRs with separate branches enables peer review and allows to better track changes. This, in addition to a well documented repository, is indicative of mature development practices. We note that some, but not all commits, are signed using a GPG key — enforcing the use of GPG signatures can increase security and prevent attackers from injecting malicious code into the codebase.
4.1.6 SC Maturity
Overall, audits found a limited amount of issues, with some being shared by other LSD protocols like the beacon chain deposit front-run by malicious node operators. Audit reports generally indicate a codebase that is ready for production.
We conducted a quick manual review of publicly available smart contracts and found serious development practices as well as an extensive inline code documentation. The simplicity of the mETH architecture helps to understand the behavior and edge-cases of the system, which further strengthen our confidence in the mETH codebase. However, although not smart contracts per se, it should be noted that the code for the Initiator, the Allocator and the Guardian offchain services are not open-source.
Since all Mantle's smart contracts are verified on Etherscan, we used the tool diffyscan to compare the Etherscan source code with the one found in Mantle's GitHub repository and found a 100% match. This indicates that the code deployed onchain is the same as the one that is made open-source on Github.
4.1.7 Previous Incidents
To the best of our knowledge, and according to our communications with the Mantle team, the mETH protocol has not suffered from any incident.
4.2 Product and Layer Composability
4.2.1 Dependencies
Mantle mETH depends on a total of 4 offchain services. Only one of them, the TVL consensus Oracle, was subjected to publicly available audits from Secure3 and Hexens%20(Oracle).pdf?alt=media), whereas the code for the Initiator, the Allocator and the Guardian is not publicly available. However, Mantle claims in its documentation that the offchain services adhere to the following security contraints:
Minimum responsibility. Processing is done, as much as possible, onchain.
Stateless and recoverable. This prevents offchain services from reaching an invalid state due to infrastructure issues (e.g. power outage or data loss).
Onchain data only. There are no third-party dependencies. Only access to the Ethereum Network and its API is needed.
TVL consensus Oracle
Instead of computing and reporting only the exchange rate between mETH and ETH, the Mantle team opted for an Oracle design where multiple raw data points are reported. This allows the Oracle smart contract to perform various sanity checks — albeit at the cost of higher transaction fees for the Oracle client. If too large of a difference is found by the Oracle smart contract, a call is automatically made to the Pauser contract, which will pause all smart contracts supporting mETH.
As an example, we provide one of the heuristics that the Mantle team is using as a sanity check: by expecting a 5% APY consensus yield, the expected ETH consensus reward is computed. The upper bound for the reported reward is calculated to be 10x the expected reward, while the lower bound corresponds to 0.1x this amount. Any reported reward that falls outside of this range would trigger the pausing system.
The Oracle currently targets a report delay of 2400 blocks (~8 hours). More than 50% of whitelisted oracle clients must provide the same report for it to be valid (their hashes are compared), and a minimum of 3 Oracle clients must file a report for it to be accepted. Here are the currently deployed smart contracts related to the Oracle functionality:
The OracleQuorumManager is responsible for managing the different whitelisted Oracle client EOA and to accept reports from them. If a report passes the requirements (quorum and >50% hash based equality), then the report is sent to the Oracle contract.
The Oracle contract receives reports from the OracleQuorumManager, performs sanity checks, and potentially calls the Pauser contract if they fail. It only accepts reports from the OracleQuorumManager contract.
The Pauser contract can be called by multiple smart contracts, including the Oracle, in case of failed sanity checks.
Source: etherscan.io
6 wallets have the SERVICE_ORACLE_REPORTER
role. All of them are actively reporting to the OracleQuorumManager contract, are EOA wallets, and according to their transaction records are solely dedicated to their task:
It is interesting to note that, since the deployment of EIP-4788 in Dencun, this Oracle design could be made much simpler and secure. EIP-4788 includes the beacon chain block's root into execution blocks. Although reports from offchain services would still be required, a single cryptographic proof would be enough to verify the authenticity of a report.
Initiator
The Initiator monitors the state of the staking contract at each block to determine if new validators must be created or not. When deemed necessary, the service will call an HTTP API exposed by node operators to request the creation of one or more validators. During this call, the withdrawal address is specified by Mantle. Deposit credentials are verified both offchain by the Initiator service and onchain in the Staking contract. No information has been provided by Mantle regarding how this service authenticates with the node operators, or if and how the validator keys are exchanged between the two parties.
Allocator
The Allocator is responsible for moving ETH across the different smart contracts according to unstake requests and new Oracle reports. Consider that the Staking contract keeps track of 3 different pools of ETH; the pending staking pool containing ETH freshly deposited by users in exchange for mETH, the staking pool containing ETH ready to be allocated to new validators, and the unstaking pool containing ETH ready to be withdrawn by users through the burning of mETH receipt tokens.
The Allocator proceeds as follow:
(1) Fulfill unstaking requests by moving ETH from the pending staking pool to the unstaking pool.
(2) If there is not enough ETH in the pending staking pool to fulfill all unstaking requests from users, then the Allocator will request node operators to exit one or more validators through the HTTP API they expose.
(3) If there is any ETH left in the pending staking pool after step (1), then this ETH is moved to the staking pool.
Note that this process is such that, at the end of it, no ETH should remain in the pending staking pool. The smart contracts functions called by the Allocator force the flow of ETH in the cluster to be strictly uni-directional and cyclical, hence securing funds.
Guardian
The Guardian's purpose is to monitor the state of the mETH contracts and to pause the system as soon as an unexpected state is detected. Strictly speaking, the Guardian is not necessary for the system to function normally and securely, as the system already runs checks on itself automatically. Therefore, this service merely acts as a redundant security component of the system.
4.2.2 Withdrawals Processing
Withdrawing is a two step process. First, a user must request to exchange some amount of mETH for ETH from the staking contract. The exchange rate for the withdrawing request is set at the time of this first action. Then, two conditions must be met: there must be enough ETH in the staking contract to fulfill the request, and the request must be marked as finalized. Requests are set as finalized when the next TVL consensus Oracle report is sent to the Oracle contract to update the exchange rate of mETH for ETH (every 8 hours or so). It follows that a user might wait at most 8 hours before effectively exchanging its mETH for ETH.
This two step process is a security measure: it prevents a user from siphoning the staking contract through an unfair exchange rate that does not reflect the actual amount of ETH in the system. Indeed, large loss of ETH in the protocol can happen in case of a slashing event or security breach. In addition to this delayed withdrawal process, several measures are taken to pause the staking contract as soon as possible:
An Oracle report whose total amount of reported ETH deviates too much from the expected amount will trigger the pausing mechanism. This check happens at every report processing, that is, every 8 hours or so.
The Guardian offchain service will pause the system if it detects a slashing event. This check happens in real time (i.e. each time a new block is added to the chain).
When the staking contract is paused for some reason, the Mantle team can manually cancel unstaking requests if their exchange rate is deemed unfair. Once the system is stabilized and safe, the Mantle team must manually unpause the staking contract to allow users to renew their withdrawal request.
4.2.3 Oracle Pricefeed Availability
Both push-based oracles and pull-based oracles are available for mETH. There are important differences between these two types of oracles:
Push-based oracles consist of one or more offchain actors that are pushing their price onchain at regular intervals. The gas for those transactions is paid by them. Users can query the oracle contract at any time. The heartbeat refers to the interval which is often 24 hours or so.
Pull-based oracles are such that the price is pulled from offchain sources by the user when needed, and the price feed is updated onchain as part of their transaction. Cryptographic proofs are used so that the oracle contract can verify that the updated price is valid. In that case, the heartbeat refers to the update frequency of the offchain sources, and is much faster at around every few seconds or so. However, the onchain pricefeed is only updated when needed.
It follows from those definitions — and is important to keep in mind — that the heartbeat of a push-based oracle can hardly be compared to that of a pull-based oracle.
Pyth
A mETH/USD price feed is available on Pyth, a pull-based Oracle. Pyth computes a value along with a confidence interval by aggregating multiple values and their respective confidence interval. The first step is to compute the value by assigning 3 votes to each data provider — one at their reported price, and for each -/+ bounds — and then to take the median of all votes. The second step computes the resulting confidence interval by considering the distance from the aggregate price to the 25th and 75th percentiles of the votes, then selecting the larger of the two as the aggregate confidence interval. This acts as an hybrid between the mean and the median.
Shown below is a representation of the price aggregation mechanism. The resulting value and confidence interval are in blue.
Source: Pyth documentation.
Pyth Network aggregates data using Pythnet, a specialized blockchain based on Solana technology, operated independently by Pyth's data providers. Their blockchain design ensures secure and accurate aggregation of price data from various sources into a single price feed that is updated multiple times per second. Owing to the high-frequency data deliveries, the users can access updated price data with minimal latency.
Supra
Two pull-based price feeds are available on Supra. It uses a decentralised Verifiable Random Function (VRF) as an anti-collusion approach and identifies clusters of coherent reported values from which an arithmetic mean is calculated.
mETH/ETH, ~4 seconds heartbeat, premium feed with a minimum of 8 sources
mETH/WETH, ~4 seconds heartbeat, feed under supervision with 3 to 5 sources
API3
Finally, API3 provides a push-based mETH/ETH price feed that is directly sourced from reputable API providers. This price feed has a 0.25% deviation and a 24 hours heartbeat. It is self-funded, meaning that the Oracle service will work as long as there is gas remaining in the Oracle contract. Only the contract owner can query the deployed Oracle contract.
Section 5: Counterparty Risk
This section addresses the persistence of mETH's properties from an ownership rights perspective (i.e., possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g., minting additional units) and what their reputation is, (2) the extent to which changes can be implemented, and the effect on the collateral.
This section is divided into four subsections:
5.1: Governance
5.2: Decentralization of the LSD
5.3: Economic Performance
5.4: Legal
5.1 Governance
5.1.1 Governance Scope
As part of the Mantle ecosystem, mETH is governed by the Mantle DAO, powered by the MNT governance token. Possession of the MNT token allows to vote on governance proposals in a linear manner (1 token equals 1 vote). Proposals are first discussed on the Mantle forum and, if positive feedback is received, will be formally presented and subjected to a vote from the community through snapshot.org.
5.1.2 Access Control
The Mantle mETH contracts are using a Role-Based Access Control pattern by defining a set of Roles and by assigning them to specific wallets. Roles are assigned and revoked by the MantleSecurityCouncil wallet, a 6/13 multisig wallet. A detailed list of the different wallets, the roles they have, and the contracts they can interact with is available in the Mantle LSD documentation. After a careful analysis, we make the following observations:
The MantleSecurityCouncil wallet has the highest power, but is limited to rare events like contracts upgrades or a change of parameters. As a 6/13 multisig wallet, it is the most secured wallet.
The MantleLSPEngineering wallet is a 3/9 multisig that can execute actions like parameter updates or a topUp of the ETH balance.
The MantleAdmin is an hardware EOA that can update/delete pending oracle reports and topUp the ETH balance. It is a signer of the MantleSecurityCouncil that is used when response time is critical.
Each offchain service is assigned a specific role that limits its scope of action (e.g.
ALLOCATOR_SERVICE_ROLE
andINITIATOR_SERVICE_ROLE
). Mantle indicates the use of hardware wallets to mitigate the fact that private keys are "online"; this includes technologies like cloudHSM and secure enclaves.The Oracle client wallets all share the same
SERVICE_ORACLE_REPORTER
role.The
PAUSER_ROLE
is assigned to many different wallets including the Guardian offchain service, but also the Oracle contract and the Staking contract. However, only the MantleSecurityCouncil and the MantleAdmin have theUNPAUSE_ROLE
and can unpause the system.
A particular observation caught our eyes: the ReturnAggregator contract has the WITHDRAWER_ROLE
role, allowing it to withdraw funds from the ConsensusLayerReceiver and ExecutionLayerReceiver contracts. Although it brings flexibility to the system in case of contract upgrade or to mitigate an ongoing attack, the MantleSecurityCouncil could in theory reassign the WITHDRAWER_ROLE
to another wallet, and trigger validator exits through the Allocator offchain service that it controls. The new wallet could then withdraw both the principal and the rewards from the ConsensusLayerReceiver and the ExecutionLayerReceiver contracts and steal the whole protocol's TVL. Although a high level of collusion would be needed by signers of the MantleSecurityCouncil 6/13 multisig to sign those malicious transactions, it is nonetheless a significant power and a trust assumption relevant to mETH holders.
5.1.3 Distribution of Governance Tokens
A total of 6,219,316,768 MNT were minted without vesting schedules at the time of the merge between BitDAO and Mantle, and BIT tokens were made exchangeable for MNT tokens on a 1-1 basis. 51% were distributed through various means, including incentives to use Mantle products, technology partner grants, and equity for core contributor team and advisors. This distribution is an ongoing process that follows a strict governance process and is subject to a vote from the community. The remaining 49% of MNT tokens is kept within the Mantle Treasury. As of Saturday 9th of March, the MNT token has a market cap of $3,382,061,448. According to Etherscan, it controls a treasury that is mostly made of:
21,047 ETH
2,866,781,565 MNT
47,344 mETH
79,575,510 sUSDe
4,737,271 USDC
3,920,195 TUSD
The treasury and its different allocations can be monitored using tools developed by the Mantle team. The main treasury wallet is a 3/6 Safe multisig located at address 0x78605Df79524164911C144801f41e9811B7DB73D whose owners are:
0xf5b16239f88B54894e03e0293d3d7FDdEb9f9070
0x3Dc5FcB0Ad5835C6059112e51A75b57DBA668eB8
0xe75D7324d6BC4E70A200c5E268160332F43b2d2B
0x3000BE80ad204D327990eB403654aCd1Eaa8eCeb
0xc4143711aA5bd6d37F1b0A690120AA5859e32A93
0x915dc866e2e5E64f912A5ac1D40E3be4597F172a
On top of being an ERC-20 governance token, MNT is also a utility token that is needed to use Mantle products. For instance, MNT tokens play the role of gas tokens on Mantle network, an L2 rollup, as well as collateral for their nodes.
5.1.4 Proposals Frequency
To review the frequency of governance actions, we review the historical Snapshot votes. Analyzing the monthly proposal data shows an average of 0.94 over the course of 32 months. Peak activity was reached in April 2022 with a total of 4 proposals.
Source: snapshot.org
5.1.5 Participation
Forum engagement The Mantle forum contains a total of 58 topics, which is relatively small. Archived topics indicate a Discussion that did not lead to a formal proposal on snapshot.org after a long discussion time.
We can see a large discrepancy in activity between topics — some topics being extremely active compared to the majority. This is demonstrated by a standard deviation that is notably higher than the mean for both the reply and view counts. Those extremely active topics often lead to a formal proposal that is accepted by the community, hence earning the status Passed. This is indicative of a high engagement from the community on topics that are deemed important.
Snapshot voting
Snapshot votes are overwhelmingly "yes" votes, except for the BIP-16 proposal whose aim was to allocate more funds from the Mantle treasury towards decentralized stablecoins. This can be explained by a combination of two factors: the number of snapshot proposals, which is relatively small, and the fact that most proposals were extensively discussed on the Mantle forum.
Source: snapshot.org
The net consensus score is defined as the ratio of "Yes" over the total count of votes expressed. The "Abstain" category, when present, is ignored from that total count.
5.2 Decentralization of the LSD
5.2.1 Number of Node Operators
A total of 4 professional node operators are operating validators on behalf of Mantle.
5.2.2 Validators per Node Operator
No information is publicly available regarding the number of validators per node operators, and Mantle has declined to provide us with this information. Because a specific node operator could centralize most of the stake behind mETH, we consider this a centralization risk.
Mantle, likewise, does not yet publicly disclose the node client diversity of the node operators it contracts with. The Mantle team has shared us some internal information regarding client diversity, so we can confirm they do monitor this information and presumably take steps to ensure some level of diversity.
Under the current global ETH staking client diversity landscape (as of Saturday 6th of January), Geth stands at 63% of the total stake. Although that is lower than the super-majority risk threshold that stands at >66%, it remains significantly higher than the majority risk threshold that stands at >33%. Consequently, depending on the usage of Geth by Mantle's node operators, mETH holders could suffer from correlated slashing conditions and lose up to a double digits percentage of their funds.
5.2.3 Validator Enter/Exit (Churn)
Source: Etherscan
According to the Mantle documentation, the Allocator service will automatically optimize the number of validator exits required by using ETH deposited into the Staking contract to fulfill withdrawal requests from users. This allows to reduce the number of validator exits required to fulfill withdrawal requests from users, hence increasing capital efficiency.
5.3 Economic Performance
5.3.1 Revenue
We compute the total revenue by looking at the amounts received by the ReturnAggregator contract from the ConsensusLayerReceiver and the ExecutionLayerReceiver contracts. To filter out validator exits, we take the modulo 32 of each transaction amount. We obtain a total cumulative revenue of approximately 1750 ETH, which amounts to $6,037,500 as of the 25th of March 2024.
Source: etherscan.io
5.3.2 Net Profit
By considering that Mantle keeps 10% of the staking revenue, and that they use approximately 5% for paying node operators, we estimate the net profit received by the Mantle Treasury to be 0.05 x 1750 = 87.5 ETH
, or $301,875 as of the 25th of March 2024.
The figures presented herein are to be considered estimations. While our computations align closely with data available in Treasury Reports, it is important to note that we encounter limitations in accurately quantifying the specific expenses associated with mETH.
5.4 Legal
5.4.1 Legal Structure
In the FAQ section of its previous website, BitDAO unveils the intricacies of its organizational fabric. There, it is articulated that BitDAO diverges from the traditional corporate archetype; it is not ensnared in the formalities of registration as a company. At its core, BitDAO was conceived not as a corporate entity but as a consortium of innovative builders and engaged stakeholders united by their holdings of $BIT tokens. The token holders wielded governance power and steered the direction of the organization.
In a strategic maneuver, BitDAO embraced a fusion with Mantle, a move realized by the passage of BIP21. This union involved rebranding the combined entity as Mantle, with its digital presence anchored at https://www.mantle.xyz.
This transformative phase, however, did not necessitate a seismic shift in structural foundations:
“Changes from BitDAO.io shall be a cosmetic rebrand only - all existing governance processes are preserved including proposals, budgeting, and treasury resource management"
Source: BIP21
Despite the rebranding and optimization efforts, Mantle's documentation remains silent on the specifics of legal formations within the ecosystem. The governance forums offer no glimpse into deliberations over establishing DAO legal frameworks or specialized legal constructs.
It can be inferred that Mantle has seamlessly inherited BitDAO's entity-less structure, continuing to navigate the digital frontier devoid of traditional legal structures.
5.4.2 Licenses
The laws of Singapore are elected to preside over the access and utilization of http://mantle.xyz, along with its suite of services, functionalities, features, or content. With mETH emerging as a notable product offering, the spotlight turns to the legal intricacies of staking services under the existing statutes and regulations in Singapore.
In a landmark move in July 2023, the Monetary Authority of Singapore (MAS) unveiled a pioneering set of measures, borne from public consultations. These proceedings mandate digital payment token service providers (DPTSPs) to safeguard customer assets within a trust, simultaneously imposing constraints on their abilities to lend and offer "staking" services for digital payment tokens. The MAS has articulated profound concerns regarding DPTSPs' roles in enabling the lending and staking of assets belonging to retail customers, pointing to the potential for significant consumer detriment arising from staking activities. This concern is coupled with an awareness of the inherent conflicts of interest that DPTSPs may harbor in facilitating such services.
The MAS has set forth guidelines particularly aimed at DPTSPs. In this connection, we should explain what DPTSPs are. These are service providers that carry on a business of providing a digital payment token (“DPT”) service under the Payment Services Act 2019 (“PS Act”).
Digital payment token is designated by the PS Act as any digital representation of value (other than an excluded digital representation of value) that:
(a) is expressed as a unit;
(b) is not denominated in any currency, and is not pegged by its issuer to any currency;
(c) is, or is intended to be, a medium of exchange accepted by the public, or a section of the public, as payment for goods or services or for the discharge of a debt;
(d) can be transferred, stored or traded electronically; and
(e) satisfies such other characteristics as the Authority may prescribe.
The scope of digital payment token services under the PS Act is expansive, including both the dealing in digital payment tokens and the facilitation of their exchange, except for certain services exempted by the Authority.
A review of the MAS's public registry of financial institutions revealed that Mantle does not hold a license for Digital Payment Token Service, nor is it listed in any of MAS's registries.
Source: MAS
In practical terms, according to the existing protocol design, Mantle does not engage in the custody or acceptance of digital tokens/crypto assets. This would place Mantle beyond the purview of the PS Act and related MAS guidance. Additionally, the nature of non-custodial staking, where customers retain exclusive control over their private keys, generally does not necessitate licensing in various jurisdictions due to its customer-centric security model.
This conclusion is drawn based on the current state of affairs and reflects the extent of our legal research capabilities as of the date of this report. However, the dynamic landscape of DeFi means that the adoption of alternative approaches, changes in system architecture, updates to protocol designs, modifications in smart contracts, or shifts in regulatory landscapes could potentially alter the legal interpretation of the business model and/or the tokens involved.
It may be assumed that, following the decentralisation ethos, Mantle has never pursued licensing under the Singapore regulatory regime. Instead, the choice of law with regard to website governing terms has been made to use Singapore’s established, safe and transparent judicial framework.
5.4.3 Enforcement Actions
In an exploration of publicly available data, we have not uncovered any specific instances of enforcement actions, legal proceedings, or other regulatory measures directed at Mantle by relevant authorities.
5.4.4 Sanctions
Upon accessing or using http://mantle.xyz/, users are bound to a pledge against engaging in, promoting, or in any way facilitating illicit activities. These representations are coupled with warranties that users are in full compliance with sanctions laws—including the assurance that they are not designated individuals by the Office of Foreign Assets Control (OFAC). Should it be ascertained that a user has violated these representations or otherwise breached the terms governing the use of the platform, Mantle reserves the unequivocal right to restrict access to its services.
Furthermore, the Site explicitly delineates geographical boundaries, notably excluding users from sanctioned jurisdictions, such as the Crimea region of Ukraine, Cuba, Iran, North Korea, and Syria. This prohibition extends to any individual or entity listed on the Specially Designated Nationals and Blocked Persons ("SDN") List maintained by OFAC, as well as to entities that are 50% or more owned, directly or indirectly, by one or more such designated individuals.
5.4.5 Liability Risk
The Terms and Conditions ("T&C", the "Terms") outline the framework governing user interaction with the Mantle website, accessible at http://mantle.xyz (the "Site"), along with any services, functionalities, features, or content it provides. By agreeing to these terms, the User enters into a binding agreement with Mantle for their personal engagement with the Site.
The Terms incorporate the user acknowledgment that the Site is only an interface for the community of users and developers interested in or contributing to the infrastructure, code and development of Mantle Network. Mantle operates beyond the confines of central control, embracing a decentralized ethos where decisions emerge from the collective wisdom of the community.
Mantle clearly states its position regarding third-party interactions, expressly distancing itself from any liabilities tied to unauthorized access or misuse of User wallets, accounts, assets, or any sensitive information handled by external providers.
A noteworthy aspect of these T&C is the specific mention of offerings to French clientele or interactions with the French market, aimed at preemptively addressing any regulatory assertions of required registration or licensing under French jurisdiction.
"Mantle Network is a layer-2 blockchain incubated by a decentralized autonomous organization that is not registered nor licenced in France with the French Autorité des Marchés Financiers and does not carry out any digital asset services as per defined under Article L. 54–10–2 of the French Monetary and Financial Code on French territory and is more generally not regulated in France or with French authorities. Mantle Network does not (and does not purport to) promote or market services or solicit clients in France within the meaning of Articles L. 341–1 et seq. of the French Monetary and Financial Code. Mantle Network’s activities as part of the EthCC and related events are strictly limited to the presentation of technical matters relating to the functioning of its technology. This Agreement does not constitute financial advice nor a recommendation to buy or sell any product or service."
The provision of the Site and its contents is strictly "As Is" and "As Available," highlighting a user-centric approach where individuals navigate the platform at their own discretion. This clause underlines various risks inherent to online engagement, such as privacy breaches, system disruptions, and malware threats. The disclaimer is comprehensive, unequivocally excluding warranties of quality, suitability, or uninterrupted access, while delineating the extent of Mantle’s accountability for any resultant losses or damages, regardless of their nature or forewarning, and caps potential liabilities at the lesser of total user fees for direct Site usage or 10,000 USD. Moreover, a force majeure clause provides Mantle with leeway against obligations during extraordinary events beyond reasonable control.
In terms of legal recourse, these T&C designate Singapore as both the governing law and preferred jurisdiction for dispute resolution. Conflicts will be adjudicated through arbitration in Singapore, in alignment with the Singapore International Arbitration Centre’s rules, ensuring that any arbitration award is conclusive and enforceable in courts with proper authority.
5.4.6 Adverse Media Check
Аdverse media checks concerning Mantle and mETH revealed no direct connections to issues such as money laundering, corruption, sanctions exposure, threat financing, or any other illicit activities. An open data search did not identify specific concerns related to Mantle/mETH in these areas.
Section 6: Risk Management
This section will summarize the findings of the report by highlighting the most significant risk factors in each of the three risk categories: Market Risk, Technology Risk, and Counterparty Risk.
6.1.1 Market Risk
LIQUIDITY: Does the LSD have a liquid market that can facilitate liquidations in all foreseeable market events?
mETH has mainnet liquidity exclusively on Uniswap V3, with a TVL of approximately $15.6 million. On the CEX front, liquidity is more constrained, with Bybit being the primary venue, offering mETH/ETH and mETH/USDT trading pairs. The mETH market faces liquidity challenges due to a significant portion of the supply being restaked into EigenLayer, potentially hindering timely withdrawals during tense market situations. Additionally, the absence of an Ethereum-native leverage ratio and limited collateral exposure to lending protocols, confined to Mantle L2, further complicates the liquidity landscape. These factors collectively suggest that while there is liquidity for mETH, the market's ability to handle liquidations efficiently in all scenarios may be constrained by these structural and supply-side limitations.
VOLATILITY: Has the LSD had any significant depeg event?
mETH has experienced increased pressure on its peg since mid-March, possibly due to several converging factors involving ETH market behavior, the staking queue, and withdrawal demand following the conclusion of an mETH incentive program. The largest historical withdrawal was processed in early April, helping to restore the peg. It's important to note that a limited variety and depth of secondary markets may increase reliance on direct withdrawals from the protocol, and this may contribute to increased volatility expectations.
6.1.2 Technology Risk
SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?
No critical risks have been flagged during the audits of mETH contracts and the TVL consensus Oracle, which underwent six audits in total. The codebase is simple and concise, with developer activity not standing out in terms of volume, thus making the system easier to audit and understand.
Mantle's strategic decision to use an off-chain Initiator service for beacon chain deposit operations, aimed at saving gas costs, demonstrates a preference for efficiency. However, while mETH depends on four off-chain services for its operation, only the TVL consensus Oracle has undergone publicly available audits and has its codebase publicly available.
DEPENDENCIES: Does the analysis of dependencies (e.g., oracles) suggest any cause for concern?
mETH depends on four off-chain services for its operation. The unwillingness of the Mantle team to provide technical details about the Initiator, Allocator, and Guardian offchain services -- whose responsibilities are significant -- is cause for concern. Notably, security issues in this area could lead to slashing risks which would put users' funds at risk. There is, furthermore, minimal information about node clients used by node operators, which increases concerns about client diversity risk that may increase the severity of slashing events.
Although several oracle providers have price feeds available for mETH, they are marginal providers and we can not attest to their resiliency and reputability for securing large amounts of value. Although it may be possible to use the Uniswap pool as an oracle source, single DEX pools do not represent broad market pricing for quality data and may be susceptible to risks such as liquidity and volume migration.
6.1.3 Counterparty Risk
CENTRALIZATION: Are there any significant centralization vectors that could rug users?
The technology components are, in general, managed by the Mantle team through a 6/13 multisig with a Timelock set to 0 on execution. There is a high degree of trust in the security practices and reliability of the team.
Although the presence of a Timelock as an intermediate step to SC upgrades is a positive security feature, it is currently set with a 0 block delay. This means that smart contracts upgrades and role changes could be both proposed and enacted in a single transaction, which defeats the purpose of a Timelock all together. An even more concerning issue is the ability for the MantleSecurityCouncil 6/13 multisig to potentially reassign the WITHDRAWAL_ROLE
to another wallet and trigger the exit of all validators, hence stealing all staked ETH that secure the value of mETH.
A permissioned regime for node operators allows selection to be based on specific criteria or qualifications. However, a notable absence in this model is the lack of direct incentives for these operators to adhere to optimal behavioral standards. Detailed information about the number of validators managed by each node operator remains elusive. We are unable to verify if and how validation keys are shared between Mantle and node operators, creating concerns about validation key leakage.
LEGAL: Does the legal analysis of the Protocol suggest any cause for concern?
The assumption of an entity-less structure for Mantle, without concrete public records to confirm or refute this, introduces a significant degree of uncertainty regarding the protocol's accountability. Although Mantle has not secured a license in Singapore, the nature of its activities might not necessarily require one under current laws and regulations. While T&C specify that relations with users and any disputes are to be governed by the laws of Singapore, the absence of any mention of a legal entity entering into agreements under the Terms creates ambiguity about the enforceability of these provisions and the parties' legal rights and obligations.
6.1.4 Risk Rating
Based on the risks identified for each category, the following chart summarizes a risk rating for mETH as collateral. The rating for each category is ranked from excellent, good, ok, and poor.
We rank mETH ok in liquidity for its reliance on a single onchain liquidity venue, paired with a highly liquid asset (WETH). It has maintained a consistent liquidity profile over its history, although this makes up a small portion of its overall market cap.
We rank mETH ok in volatility because limited access to secondary markets has and may continue to put additional pressure on direct withdrawals processing, which may increase the likelihood of peg performance issues.
We rank mETH excellent in smart contracts for prioritizing simplicity in the contracts architecture, demonstrating security-first practices with ample independent audits that also provide insight into the quality of the team's development ability, and maintaining a bug bounty program with ImmuneFi.
We rank mETH poor in dependencies for heavy reliance on offchain services managed by the core team and a lack of transparency surrounding the technology and management therein. There is no mETH pricefeed we are prepared to recommend at this time.
We rank mETH poor in decentralization because the team maintains a high degree of control that includes the ability to execute protocol upgrades without a timelock. There is a prevailing opacity surrounding trusted operations that, given the high degree of centralization, is cause for concern.
We rank mETH poor in legal primarily because of the opaque legal structure underpinning the protocol. This lack of clarity compromises the level of protection afforded to users, potentially affecting their confidence and security in engaging with the platform.
Although mETH has surged to the top 4 LSD position by market cap in a few short months, there are certainly challenges it faces in enhancing maturity before it can be considered a quality collateral asset.
As with many early stage DeFi protocols, Mantle has entrusted many important operations to its core team as it aspires to transition toward a DAO structure governed by token holders. There are transparency concerns surrounding protocol operations that must be addressed before the protocol can be considered mature. Notable centralization and transparency concerns include:
WITHDRAWER_ROLE
can be reassigned by the MantleSecurityWallet, allowing funds to be stolen by Mantle signers if collusion happensA timelock on multisig execution is present but disabled
No information regarding if and how validator keys are shared with node operators, increasing the slashing risk if keys are leaked
No information about validator distribution between node operators, contributing to NO centralization risk
Minimal information about node clients used by node operators, contributing to client diversity risk
Furthermore, the mETH secondary markets must mature before it can be considered a suitable collateral. There is a single onchain venue with the UniV3 WETH/mETH pool. The venue has maintained consistent depth and is paired with a highly liquid asset, but the reliance on a single venue may increase the risk of manipulation or risks associated with the exchange or the specific pool.
Overall, we do not recommend mETH for collateral onboarding at this time. The protocol has exhibited impressive growth that certainly merits continued monitoring of developments in market maturity and a transition toward a decentralized and transparency-forward ethos. It may be appropriate to revisit mETH in 6 months time to revise our recommendation.