Useful Links

• Website: kelpdao.xyz

• Documentation: kelp.gitbook.io

• Social: x.com/KelpDAO

• Contracts: kelp.gitbook.io/kelp/rseth-smart-contracts

• Markets: Balancer rsETH/WETH pool, Nile wrsETH/WETH, Uniswap rsETH/ETH, Balancer rsETH/ETHx, Curve rsETH/weETH

• Dashboards: LlamaRisk dashboards

Introduction

This report is conducted by Llamarisk as part of a series on LRT collateral risk assessments. In this report, we examine KelpDAO's rsETH.

This report will comprehensively cover all relevant risk factors of Kelp's rsETH for collateral onboarding. Our approach involves both quantitative and qualitative analysis to help determine whether the collateral can be safely onboarded and to what extent there should be restrictions on the Protocol's exposure to the collateral.

Our review involves comparative analysis to determine suitability as collateral. Risks are categorized into:

• Market Risk - risks related to market liquidity and volatility

• Technology Risk - risks related to smart contracts, dependencies, and Oracle price feeds

• Counterparty Risk - risks related to governance, centralization vectors, and legal/regulatory considerations

These risk categories will be summarized in the final section of this report and are meant to assist tokenholders in determining rsETH onboarding and setting suitable parameters.

Section 1: Protocol Fundamentals

This section addresses the fundamentals of the proposed collateral. It is essential to convey (1) the value proposition of rsETH and (2) the overall architecture of the Protocol. This section contains descriptive elements that cannot be quantified and act as an explanatory introduction to the collateral.

This section is divided into two sub-sections:

• 1.1: Description of the Protocol

• 1.2: System Architecture

1.1 Description of the Protocol

KelpDAO, launched in December 2023 by co-founders of Stader Labs, is a liquid re-staking protocol that issues rsETH tokens. The Protocol accepts deposits of various Liquid Staking Tokens (LSTs), including ETHx, stETH, and native ETH, which are subsequently staked into EigenLayer via a set of vetted Node Operators. Depositors receive rsETH tokens in return, a yield-bearing asset characterized by a soft-peg to ETH, which can serve as collateral in decentralized finance applications.

The Protocol automates the staking process by selecting Actively Validated Services (AVS) and Node Operators that secure them using the staked assets. KelpDAO conducts risk assessments of available AVSs and Operators, aiming to optimize yield while mitigating associated risks. While the Protocol does not charge fees for LST deposits, it imposes a 10% fee on Ethereum staking rewards for direct ETH deposits.

1.1.1 Underlying Collateral

rsETH is backed by whitelisted assets allowed for minting, specifically native ETH and various Liquid Staking Tokens (LSTs). Current whitelisted LSTs include stETH from Lido and ETHx from Stader. sfrxETH was previously accepted as minting collateral but is no longer supported. On June 20th, 2024, the deposit limit for sfrxETH was set to 0. This change was implemented to ensure compatibility with lending markets, where sfrxETH still needed to pass technical due diligence. Discontinuing support for sfrxETH was a strategic decision to facilitate integration with these important DeFi platforms.

In addition to LSTs, users can deposit ETH into KelpDAO, where the Protocol first stakes it on the Ethereum consensus layer and then re-stakes it into EigenLayer. ETH deposits are uncapped, but ETHx and stETH deposits are limited to 200k units, respectively, with ETHx currently sitting at 40.4% of that capacity and stETH at 0.18%. Consequently, most LSTs deposited are ETHx with a negligible amount of stETH.

rsETH can be wrapped to obtain wrsETH on a 1:1 basis. wrsETH implements the ERC677 interface, which extends ERC20 with the 'transferAndCall' function. This function allows for the transfer of tokens together with executing a contract's function. This reduces the number of transactions needed, saving gas fees and improving efficiency.

The figure below represents assets underlying rsETH. KelpDAO accepts ETH deposits on various L2s, explaining each supported chain's different ETH categories. At the time of writing, rsETH is primarily collateralized by ETH and ETHx.

Source: Dune

1.1.2 Yield Accrual Mechanism

rsETH is a re-pricing token. Its exchange rate increases against its collaterals to reflect re-staking rewards over time. The exchange rates of the underlying LSTs also increase gradually against ETH, reflecting staking rewards accrued at the Ethereum consensus layer. The rsETH exchange rate upon deposit and withdrawals is determined using the sum of the underlying assets (ETH, stETH, and ETHx) and accumulated staking rewards.

The LRTOracle contract provides price feeds for each asset. For stETH, the price is set to 1:1 with ETH. The ETHx price is derived from the getExchangeRate function of the StaderStakePoolsManager contract, updated via a permissioned function. The rsETH/ETH exchange rate is calculated by dividing the amount of rsETH minted by the sum of all deposited assets denominated in ETH.

1.1.3 Provider Fee

KelpDAO does not currently charge fees on LST deposits but may do so when TVL reaches a certain threshold. For ETH deposits, KelpDAO takes a 10% fee on Ethereum staking rewards.

1.1.4 Node Operator Set

KelpDAO offers native ETH re-staking, allowing users to deposit ETH and receive rsETH in return. Like many liquid staking protocols, KelpDAO delegates the operation of its ETH validators to professional node operators. They currently work with three: Kiln, Allnodes, and more recently Luganodes.

These node operators demonstrate strong performance metrics according to rated.network. The Rated Effectiveness Rating (RAVER) score, used to evaluate their performance, is an aggregate metric combining multiple quantitative factors into a single value. All three operators have RAVER scores greater than 96% at the time of writing.

For EigenLayer node operators, KelpDAO uses Kiln and Luganodes with the following asset delegation breakdown:

Source: Luganodes EigenLayer operator dashboard (July 19th, 2024)

Source: Kiln EigenLayer operator dashboard (July 19th, 2024)

The asset composition includes minor quantities of tokens not officially accepted by KelpDAO (such as EIGEN, rETH, and swETH). EIGEN tokens can be attributed to the EigenLayer airdrop, which is non-transferable. Regarding the other non-standard assets, their origin could not be traced directly to the KelpDAO protocol, suggesting they may have been delegated from external sources—potentially including KelpDAO team members.

Professional node operators are centralization vectors that can endanger the resilience of the Ethereum network. Often serving multiple liquid staking and liquid re-staking providers, they operate from possibly centralized cloud services whose uptime can become critical to the network's health. The KelpDAO team has mentioned they intend to onboard two new node operators.

1.1.5 Validator Selection

Node operators are selected based on three main criteria: performance record, Total Value Locked (TVL) secured, and technical characteristics.

1.1.6 AVS Selection

KelpDAO recently started to secure several AVSs and to delegate part of their LSD stake to them. There are currently 9 of them (delegation breakdown shown in ETH equivalent, as of July 17th, 2024):

• Cyber MACH (Powered by AltLayer) - 237k ETH delegated

• Lagrange ZK Prover Network - 237k ETH delegated

• eoracle - 237k ETH delegated

• Lagrange State Committees - 237k ETH delegated

• EigenDA - 237k ETH delegated

• Witness Chain - 237k ETH delegated

• Automata Multi-Prover AVS - 237k ETH delegated

• OpenLayer - 237k ETH delegated

• Brevis coChain AVS - 123k ETH delegated

The latest statistics and updates on KelpDAO's AVS delegations can be found on their official dashboard: https://kelpdao.xyz/avs/

EigenLayer does not currently provide any yield on secured AVSs, nor does it penalize underperforming node operators through slashing. This can be understood as a beta phase before the complete activation of the EigenLayer protocol, which is expected in Q4 2024.

1.1.7 Validator Collateralization

Professional node operators are not required to provide a bond for consensus layer validators, nor is any contractual compensation planned. The only thing at stake is the reputation of these professional node operators.

Although KelpDAO has not subscribed to any insurance for its validators, we note that ETHx from Stader — one of the supported LSD — is slightly over-collateralized, with 12.5% of the staked ETH being kept by Stader to pay for the slashing penalty if needed.

1.1.8 Governance Model

KelpDAO has no Decentralized Autonomous Organization (DAO) or governance token. Consequently, protocol decisions remain solely in the hands of the team. KelpDAO has nonetheless publicly communicated its intent to switch to on-chain governance soon. We can expect Kelp Miles — a point system created by KelpDAO to reward their users — to play a role in the Token Generation Event (TGE). More details about Kelp Miles can be found in section 2.3.1. There are no details regarding the structure of such DAO or potential TGE events.

1.2 System Architecture Diagram

1.2.1 Network Architecture Overview

KelpDAO's architecture is streamlined for its purpose. Users deposit supported LSTs or ETH into the DepositPool contract. From there, LSD assets are transferred to their respective NodeDelegator contract, and ETH is staked on the Ethereum consensus layer.

NodeDelegator contracts serve as proxies to EigenLayer Operators. They are responsible for delegating and undelegating their specific asset type and claiming rewards from Operators. Regarding withdrawals, undelegated assets are received by the LRTUnstakingVault contract. Assets are then claimed by the WithdrawalManager contract, which matches and unlocks each withdrawal request made by users.

Fund flow is unidirectional (excluding EigenLayer contracts): Users → DepositPool → NodeDelegator → LRTUnstakingVault → WithdrawalManager → Users

Additional key contracts:

• LRTOracle: Provides exchange rates for rsETH and the supported LSDs.

• LRTConfig: Contains parameters and addresses of deployed contracts. It's controlled by the 6/8 External Admin multisig. All contracts depend on it for access control and inter-contract communication.

Withdrawals are typically subjected to a 7-day withdrawal delay from EigenLayer. That being said, KelpDAO recently implemented a buffer pool in the LRTUnstakingVault contract to reduce the delay to 2 days for small withdrawals.

1.2.2 Architecture Diagram

Source: KelpDAO documentation (July 19th, 2024)

1.2.3 Key Components

rsETH

The rsETH contract is an ERC20 contract for the rsETH LRT token.

DepositPool

Receives asset deposits from users and provides them with rsETH LRT in return. Supported assets are ETH, stETH, and ETHx. The exchange rate for rsETH is calculated using the data feed provided by the LRTOracle contract.

LRTOracle

The Oracle contract provides price feeds for each supported asset. This information calculates the correct exchange rate in the DepositPool contract for deposits and the WithdrawalManager contract for withdrawals.

LRTConfig

The LRTConfig contract contains a list of all currently deployed protocol contracts, the protocol configuration, and a role-based access control system.

NodeDelegator

NodeDelegator contracts are proxies to EigenLayer Operator entities. They allocate their assets to the Operators selected by KelpDAO and receive re-staking rewards distributed by EigenLayer Operators. Although each NodeDelegator contract currently delegates its balance to a single EigenLayer Operator, they can potentially split their allocation between multiple EigenLayer Operators.

WithdrawalManager

Registers and tracks user withdrawal requests, which follow a two-step process. It contains a withdrawal queue for each asset supported by the Protocol.

LRTWithdrawalManager

The LRTWithdrawalManager contract contains unstaked assets waiting to be allocated to user withdrawal requests in the WithdrawalManager contract.

Operators

EigenLayer Operators are selected by KelpDAO based on their track records and reliability.

Section 2: Performance Analysis

This section evaluates rsETH quantitatively, analyzing token usage and competitive metrics and addressing subsidized economic activity.

The section is divided into three sub-sections:

• 2.1: Usage Metrics

• 2.2: Competitive Analysis Metrics

• 2.3: Subsidization of Economic Activity

2.1 Usage Metrics

2.1.1 Total Value Locked (TVL)

TVL has decreased since its ATH of approximately 1.2B in late May 2024.

Source: Dune (July 23rd, 2024)

2.1.2 Transaction Volume

The transaction volume peaked on June 27th, 2024, at approximately $440m, representing an outlier compared to the mean observed. This event corresponds to the maturity of the Pendle rsETH market.

Source: Dune (July 17th, 2024)

2.1.3 Average Deposit Size

Daily deposits maintained a consistently net positive trend until early May, with notable activity periods in December at launch, February, and April, coinciding with overall market activity.

Recent data shows some large withdrawals. Since the Protocol's inception, an average of 1608 rsETH per day has been minted.

Source: Dune, forked from this query (July 23rd, 2024)

2.1.4 Active Addresses/Users

Since the Protocol's inception, new addresses have dominated activity, reflecting the Protocol's user growth. This pattern suggests that after initial interaction with rsETH — primarily through minting — users tend to reduce active engagement with the Protocol.

Source: Dune (July 23rd, 2024)

2.1.5 User Growth

KelpDAO experienced its most significant growth at launch in December 2023 and the latter half of January. Subsequently, its user base continued to expand at a slower but steady pace.

Source: Dune (July 23rd, 2024)

Recently, the Protocol has experienced a notable deceleration in growth rate.

Source: Dune (July 17th, 2024)

2.1.6 LRT Token Staleness

The token staleness graph indicates the amount of rsETH held on a given address for less than N days. The logarithmic-like shape of the figure shows that rsETH tends to be held for a shorter time rather than a long time. Several factors explain this, a significant being that users do not simply hold on to rsETH in their wallets but rapidly deposit into protocols like Pendle or Balancer.

Source: Dune (July 23rd, 2024)

2.1.9 Integration with Other Protocols

rsETH is held in several protocols, the largest being that of the LayerZero omnichain adapter for rsETH. It is used primarily on Arbitrum, where 16468 rsETH are currently bridged. Then comes Zircuit and Pendle in second and third position, respectively. The WithdrawalManager contract's balance of rsETH — a measure of pending withdrawal requests — comes in only seven positions.

Source: Dune (July 17th, 2024)

2.2 Competitive Analysis Metrics

2.2.1 Market Share

As of July 17th, 2024, KelpDAO is the fourth biggest LRT protocol with $893m in TVL, while EtherFi weETH is leading with over $5B in TVL.

Source: Dune (July 17th, 2024)

2.2.2 Trading Volume Share in Total LRT Trading Volume

rsETH trading volume represents a relatively small proportion of the overall LRT trading volume, proportional to its share of the LRT market.

Source: Dune (July 17th, 2024)

Source: Dune (July 17th, 2024)

2.2.3 Protocol Staking Yield

The rsETH yield has been relatively stable for the last two months. We note a strong increase in the yield lately, reaching a monthly APY of 4.5% and a weekly APY of 13.5%. We found no positive depeg of the underlying LSTs that could explain this change in the rsETH yield. We believe it is due to a large block reward obtained through their native ETH staking activity. Both the weekly and monthly APY currently sit at 5%.

Source: Dune (July 17th, 2024)

2.2.4 Slashing Rate

Regarding the Ethereum consensus, no validators operated by KelpDAO on behalf of users through professional node operators have been slashed.

2.3 Subsidization of Economic Activity

2.3.1 Existence of an Incentive Program

KelpDAO has implemented several incentive programs to encourage user participation and growth.

KelpDAO distributes Kelp Miles to its users, calculated as Kelp Miles = (Amount of rsETH) Number of days 10,000. These miles will be used to distribute rewards based on users' contributions.

A $250k ARB grant was also received from the Arbitrum Foundation, which is being distributed as an incentive in liquidity pools and for bridging across L2s.

Finally, the "Road to One Billion" program distributes additional EigenLayer points to users re-staking in KelpDAO starting April 2nd, 2024. For the first 30k ETH deposited, users receive 100 extra EigenLayer points per ETH. For the next 40k ETH deposited, users receive 50 extra EigenLayer points per ETH. The incentive lasts 30 days or until the 70k ETH limit is reached, whichever comes first. It applies to native ETH staking on supported chains, including Ethereum Mainnet, Arbitrum, Blast, and upcoming L2s.

Section 3: Market Risk

This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of rsETH and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions.

This section is divided into two sub-sections:

• 3.1: Volatility Analysis

• 3.2: Liquidity Analysis

3.1 Volatility Analysis

3.1.1 Liquid Staking Basis (LSB)

rsETH has been consistently trading above ETH but slightly below its theoretical exchange rate with ETH, with two notable events. The first is a significant depeg at the end of April 2024 that reached approximately -1.5% against ETH on secondary markets, which is correlated with a global market selloff. The second is a strong positive increase around July 14th, 2024, corresponding with the deployment of both ETH withdrawals and a buffer that reduces withdrawal time to 2 days. Those new features helped restore the value of rsETH closer to its expected value of around 1.0186 ETH as of July 18th, 2024. Below is the rsETH/WETH secondary market rate on BalancerV2:

Source: geckoterminal.com (July 4th, 2024)

The internal exchange rate chart below shows the total amount of minted rsETH divided by the ETH value of all assets underpinning it in KelpDAO (ETH, ETHx, and stETH), normalized around zero.

Source: Dune (July 23rd, 2024)

3.1.2 LRT Volatility

The following figure indicates the volatility of the rsETH price. Because rsETH is strongly correlated with ETH, so is its volatility.

Source: Dune (July 17th, 2024)

3.1.3 Yield Volatility

The greater volatility of the yield since June 26th, 2024, echoes the large increase in yield that can be seen in section 2.2.3.

Source: Dune (July 23rd, 2024)

3.2 Liquidity Analysis

3.2.1 Supported DEXs and CEXs

rsETH can be traded on several DEXs, but no CEX at this time. Approximately 33% of the liquidity can be found in the Curve rsETH/weETH liquidity pool, followed by the Balancer rsETH/WETH liquidity pool with 32% of the total liquidity.

Here are the most important liquidity venues as of July 18th, 2024:

• Curve rsETH/weETH with $26m in TVL.

• Balancer rsETH/WETH pool with $25.8m of TVL.

• Nile wrsETH/WETH with $9.98m of TVL.

• Uniswap rsETH/ETH with $11.2m of TVL.

• Balancer rsETH/ETHx with $5.88m of TVL.

Liquidity pools where rsETH is paired with other LSDs include the Balancer rsETH/ETHx and the Curve rsETH/weETH pools.

rsETH is also integrated into Pendle, a future yield trading protocol that concentrates most of the rsETH supply. Two markets are available for rsETH, allowing users to forfeit their points and miles in exchange for a fixed yield at maturity. The first is a standard future yield rsETH, while the second stakes into the Zircuit ZK-rollup. These markets offer yields of around 8% depending on the maturity date. The standard rsETH Pendle market has maintained a TVL of around $25m during the last three maturity periods, while the Zircuit rsETH market TVL has decreased from $8m to around $1.5m.

In terms of slippage, the AMM aggregator CowSwap can swap 7,000 rsETH ($24.4m) for ETH under 0.5% of slippage, whereas ParaSwap can swap 5,700 rsETH for ETH under 0.5% of slippage.

3.2.2 DEX Volume

Here is the trading volume of the four biggest DEXs supporting rsETH. We can see that most of the liquidity has switched from the BalancerV2 rsETH/WETH pool to the Curve rsETH/weETH liquidity pool.

Source: Dune (July 17th, 2024)

Below is the DEX volume per day over the previous month:

Source: Dune (July 17th, 2024)

3.2.3 Trading Volume to Market Capitalization Ratio

Historical data indicates a mean daily volume-to-market capitalization ratio of 0.20%, five days above the 3% mark.

Source: Dune (June 22nd 2024)

3.2.4 LRT Leverage Ratio

The PrismaLRT rsETH/ULTRA market allows the deposit of rsETH and minting of the ULTRA stablecoin. Currently, $301k of rsETH is deposited, and $136k of ULTRA stablecoin is minted. 13.5% of the allowed mintable ULTRA limit of $10m is reached. The minimum collateralization ratio is 130%, and the current collateralization ratio of the debt stands at 221%.

Section 4: Technological Risk

This section addresses the persistence of collateral properties from a technological perspective. It aims to convey (1) where technological risk arises that can change the fundamental properties of the collateral (e.g., unresolved audit issues) and (2) whether any composability/dependency requirements present potential issues (e.g., is a reliable price feed oracle available?).

This section is divided into three sub-sections:

• 4.1: Smart Contract Risk

• 4.2: Product and Layer Composability

• 4.3: Oracle Pricefeed Availability

4.1: Smart Contract Risk

4.1.1 Protocol Audits

KelpDAO's contracts have undergone three audits by renowned industry auditors:

• SigmaPrime (December 2023): This audit found ten issues, including two medium-risk, three low-risk, and five informational. One medium risk issue was the lack of checks preventing the addition of the same node delegator twice, and the other was a potential attack vector where assets could be sent to the contract manually to inflate the price of rsETH. Both issues have been fixed.

• code4rena (December 11th, 2023): This audit identified five issues, including three high risks and two medium risks. Hundreds of minor findings and recommendations were also proposed, but due to the nature of code4rena's community-driven audits, their quality and relevance varied significantly. Consequently, many findings were rejected or deemed not severe by KelpDAO.

• MixBytes (March 3rd, 2024): This audit identified 22 issues, including four high-risk, ten medium-risk, and eight low-risk. No critical risk findings were reported. This audit focused on integrating ETH native re-staking and asset swapping within the DepositPool contract. All high-risk findings were related to these new features.

All issues were either fixed by the team or dismissed with valid reasons.

4.1.2 Concerning Audit Signs

Non-atomic upgrades

Upgrading the contracts requires several update functions to be called in multiple transactions, making it possible for an attacker to intervene during a non-atomic deployment. This also applies to adding new supported assets, potentially leading to invalid exchange rates for rsETH. Because this only applies to the first deployment of a TransparentUpgradeableProxy and not subsequent updates, the KelpDAO team deemed this not an emergency. However, they mentioned their plan to support atomic contract deployment and upgrades in the future as recommended.

Token balance manipulation

Although an inflation attack is deemed economically unviable due to the significant TVL of the Protocol, manual token balance manipulation could prevent the removal of NodeDelegator smart contracts. This was mitigated by tracking asset balances independently from contract token balances using integer variables.

Duplicate NodeDelegator addresses

The Protocol allows adding the same NodeDelegator contract address twice, causing assets deposited into the DepositPool contract to be matched to the first NodeDelegator contract address in the queue, leading to invalid information being returned by the getAssetDistributionData() function. The KelpDAO team has resolved this.

4.1.3 Bug Bounty

There is no active bounty for the KelpDAO protocol, but the KelpDAO team mentioned that an Immunefi bounty will go public soon. A code4rena audit competition was held from November 10th to 15th, 2023, with a total reward of 28,000 USDC.

4.1.4 Immutability

All contracts are behind a TransparentUpgradeableProxy whose admin is a Timelock contract. This Timelock has a minimum delay of 10 days and the following roles:

• PROPOSER_ROLE: Assigned to 0xb3696a817D01C8623E66D156B6798291fa10a46d

• CANCELLER_ROLE: Assigned to 0xb3696a817D01C8623E66D156B6798291fa10a46d

• EXECUTOR_ROLE: Assigned to the zero address, meaning anyone can execute a proposal once the delay has passed.

Protocol roles found in the contracts include:

• MANAGER: Assigned to Kelp Manager 2/5 multisig, responsible for updating asset deposit limits, transferring assets between contracts, swapping assets within the deposit pool, and pausing contracts.

• OPERATOR_ROLE: Assigned to Kelp Manager 2/5 multisig and an EOA, responsible for staking 32 ETH in EigenLayer, claiming rewards from EigenLayer, and unlocking withdrawal requests.

• MINTER_ROLE: Assigned to DepositPool contract, responsible for minting rsETH.

• BURNER_ROLE: Assigned to Withdrawal contract, responsible for burning rsETH.

• DEFAULT_ADMIN_ROLE: Assigned to Kelp External Admin 6/8 multisig, responsible for upgrading contracts through the Timelock, unpausing the Protocol, updating price feeds, updating the LRT configuration, and adding/removing node delegator contracts.

4.1.5 Developer Activity

The code repository for KelpDAO is public. The commit history shows limited activity, with six commits over five days in February 2024. The initial commit contains most of the code, and subsequent commits pertain to audits and added functionalities.

The last commits are verified using cryptographic signatures, preventing malicious code pushes. No tags, releases, or feature branches are used, suggesting that this repository is the mirror of a private one.

4.1.6 SC Maturity

A glance at the smart contract code reveals professional development practices. The code is heavily tested and documented. Contracts are correctly separated according to their responsibilities, and interfaces are provided for all public-facing methods, facilitating composability and interfacing with the Protocol.

4.1.7 Previous Incidents

On July 22nd, 2024, KelpDAO suffered from a domain redirection hack. A social engineering attack was conducted on the GoDaddy domain provider, with the domain name redirecting to an IP controlled by the attacker. Any attempt to interact with the dApp resulted in a transaction that would deplete the user's wallet. GoDaddy bears full responsibility for this security breach by failing to verify the identity of their interlocutor correctly. KelpDAO has mentioned its intention to move away from GoDaddy and reimburse affected users.

Apart from this recent event, according to the KelpDAO team and public records, the KelpDAO protocol has not suffered any other security breaches.

4.2: Product and Layer Composability

4.2.1 Dependencies

EigenLayer Integration

rsETH distinguishes itself as a Liquid Restaking Token (LRT) through integration with EigenLayer. This platform extends Ethereum's decentralized security infrastructure to additional applications such as Data Availability (DA) layers, oracle networks, and sidechains, offering validators enhanced yield in exchange for assuming greater responsibilities and risks. The collaboration between KelpDAO and EigenLayer's contracts enables this restaking functionality. However, two primary risks are associated with EigenLayer: the potential for crypto-economic security breaches if the cost of corruption is lower than the profit from corruption and the possibility of wrongful slashing due to inaccurately defined slashing conditions or unexpected behavior of node operators. EigenLayer addresses these concerns by developing automated monitoring systems and establishing a security council to oversee slashing decisions.

Offchain Service

Like all liquid staking and liquid restaking protocols, KelpDAO depends on off-chain services to automate some tasks. A common function is to move funds between contracts depending on user requests. For instance, ETH deposits should spin new validators, and withdrawal requests should exit existing validators. Moreover, because assets are restaked into EigenLayer, assets must also be delegated into specific EigenLayer strategies with underlying AVSs and node operators. According to the KelpDAO team, this is done by AWS Lambda functions, meaning that AWS manages the infrastructure, OS, and environment. At the same time, KelpDAO provides the code that should run at regular intervals. A quick look on-chain indicates a 24-hour frequency. The fact that the Lambda functions perform their tasks through an EOA address on AWS raises the question of the management of private keys in a cloud environment. Although the actions available to this off-chain service are limited, a private key leak could allow an attacker to mismanage assets deposited into the Protocol and disrupt it. AWS CloudHSM could be used to mitigate private key security concerns.

KelpDAO's team also mentioned a monitoring tool for supported assets' internal exchange and secondary market rates. If a price deviates more than 1% from its expected value, a multisig proposal is automatically made to pause the Protocol — minting and withdrawals. At least one signer must approve the proposal for it to be executable. Because this risk mitigation method is not instantaneous and requires signers to intervene, it cannot be considered a circuit breaker. The KelpDAO team mentioned their intention to deploy true circuit breakers soon.

There is no publicly available information regarding those off-chain services. Their source code is unavailable, and no audit has been performed. To the best of our knowledge, there is no redundancy, meaning that offline off-chain services could prevent users from withdrawing their assets and the Protocol from operating nominally. That being said, we note that the OPERATOR_ROLE is also assigned to the 2/5 Manager multisig, meaning that other team members could intervene if needed.

4.2.2 Withdrawals Processing

In KelpDAO, withdrawals are a three-step process:

1. When a user initiates a withdrawal, the request enters the withdrawal queue specific to the asset requested, and both the asset/rsETH exchange rate at the time of initiation and the rsETH amount are recorded.

2. Every 24 hours, an off-chain service operated by KelpDAO will perform multiple transactions to free enough assets and honor withdrawal requests. If the asset requested is an LSD, the offchain service will undelegate enough of that LSD from the EigenLayer strategy. If the requested asset is ETH, the off-chain service will both unstake from the Ethereum consensus — which might take some time depending on the exit queue length — and undelegate that asset from the associated EigenLayer strategy. In that sense, ETH withdrawals are necessarily longer than LSD withdrawals. Once assets are freed, the unlockQueue method is called to loop over active withdrawal requests, match freed assets to each of them, and then mark them as unlocked.

3. Finally, after a minimum of 7 days after step (1) imposed by KelpDAO, the user can withdraw their funds.

Apart from this procedure, KelpDAO has added the ability to transfer funds sitting in the LRTDepositPool contract to the LRTUnstakingVault contract instead of having to withdraw delegated funds from the NodeDelegator contracts first. Given the time it takes for the off-chain service to move funds around and depending on the availability of funds in the LRTDepositPool contract, this can reduce the withdrawal delay to 2 days.

If more assets are needed in the LRTDepositPool contract, withdrawal delay depends on several factors. If ETH is withdrawn, the total withdrawal time is:

maximum withdrawal time = consensus exit queue + 24 hours offchain service frequency + 7 days KelpDAO withdrawal time

If an LSD is withdrawn, the total withdrawal time is as follows:

maximum withdrawal time = 24 hours offchain service frequency + 7 days KelpDAO withdrawal time

Interestingly, the asset/rsETH exchange rate is calculated twice: first, when the withdrawal request is created and again when the off-chain service unlocks withdrawal requests. The second calculation will override the first if it is lower, which prevents an attacker from benefitting from an unfair exchange rate due to an LSD that is de-pegging either temporarily or constantly.

4.3 Oracles Price Feed Availability

The KelpDAO protocol uses a price feed aggregator contract for the different price feeds it requires (rsETH, ETHx, and stETH). These price feeds are used to calculate the correct exchange rates between these assets and rsETH, the liquid restaking token of KelpDAO. The ETHx Oracle uses internal exchange rates, while stETH uses a hardcoded exchange rate of 1 with ETH. This could have potentially hazardous consequences if stETH were to depeg, either temporarily if the demand or supply is extreme or indefinitely if stETH validators were to be slashed. Interestingly, Aave also uses a hardcoded exchange rate 1 in its stETH markets. Finally, the rsETH/ETH rate is calculated by dividing the rsETH supply by the sum of all assets underpinning it, denominated in ETH.

It is worth noting that the price aggregator will automatically revert the transaction if an asset price returns a value that deviates more than a specific threshold compared to the previous value. However, as of today, this threshold is set to 0, effectively turning off this check in the code.

Apart from this price feed aggregator contract used by the Protocol, a rsETH/ETH Chainlink oracle is available for obtaining the secondary market rate of rsETH. It is characterized by a 24-hour heartbeat (update frequency) and a 0.5% deviation threshold.

Potential Depeg Scenario

A potential attack vector we reviewed could be facilitated by (1) the hardcoded exchange rate of stETH and the internal exchange rate of ETHx and (2) the possibility of withdrawing into any supported asset. If ETHx de-pegged on the market or if stETH de-pegged due to slashing, an attacker could buy the de-pegged asset cheaply, deposit it to obtain rsETH at an unfair exchange rate, and then withdraw a non-degged asset. Theoretically, an attacker could replace all non-de-pegging assets in KelpDAO with a de-pegging asset, resulting in a net loss for all depositors, regardless of the asset they initially deposited.

In practice, this attack is limited by several factors:

• EigenLayer imposes a minimum withdrawal delay of 7 days.

• A current mitigation strategy involves monitoring various exchange rates and proposing to pause the system if an anomaly is detected. Price feed oracles would be updated before unpausing the Protocol.

• The composition of collateral assets: ETHx represents a large proportion of KelpDAO's assets and has strong safeguards against de-pegging due to its protection against slashing by operator collateral. In contrast, stETH represents a very small portion of the assets. While stETH is theoretically vulnerable to slashing, it's a well-established protocol with a diversified operator set, which helps mitigate potential risks. The limited exposure to stETH further reduces the overall risk to the system.

KelpDAO's current design collectivizes risk and potential losses across all its underlying tokens. This conscious architectural choice abstracts the underlying collateral, making rsETH characteristics independent and fungible. It offers users flexibility in asset withdrawal and prevents liquidity fragmentation. While this approach has clear advantages, it involves a trade-off: the Protocol needs to fully segregate the risks of different minting assets or strictly honor users' initial asset choices.

4.3.1 Understanding the Oracle

A Chainlink rsETH/ETH oracle provides a price feed across multiple networks: Ethereum, Optimism, and Arbitrum. These oracles operate with a 24-hour heartbeat and a 0.5% deviation threshold.

Chainlink employs a Volume Weighted Average Price (VWAP) aggregation methodology to calculate asset prices. VWAP aggregates price data from various trading environments, weighting each price by the volume traded on those markets. This method ensures that the reported price reflects the average price across significant trading venues rather than being skewed by outlier prices or low-liquidity exchanges. For more detailed information on the advantages of VWAP, refer to Chainlink's documentation on TWAP vs. VWAP.

4.3.2 Token Liquidity and Distribution

The distribution of rsETH tokens is illustrated in the provided chart sourced from Etherscan as of July 19th, 2024:

According to the chart:

• The largest holder of rsETH is LayerZero, which holds 16.3% of the total supply.

• The Zircuit re-staking pool is the second-largest holder, with 14.9% of the total supply.

• The Pendle rsETH fixed-yield market follows with 12.3% of the total supply.

• The next three wallets are unknown EOAs, which hold more than 23% of the total supply.

The distribution appears relatively even and gradually decreases among holders, indicating broad usage and adoption of rsETH. Although significant amounts are locked in Pendle and the Layer0 bridge, these holdings remain a fraction of the total supply and do not threaten the liquidity of rsETH. This distribution pattern suggests a healthy ecosystem where various entities hold and utilize rsETH, which supports its stability and usability within the KelpDAO ecosystem.

Section 5: Counterparty Risk

This section addresses the persistence of rsETH's properties from an ownership rights perspective (i.e., possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g., minting additional units) and what their reputation is, (2) the extent to which changes can be implemented, and the effect on the collateral.

This section is divided into four subsections:

• 5.1: Governance

• 5.2: Decentralization of the LRT

• 5.3: Legal

5.1 Governance

5.1.1 Governance Scope

A DAO does not currently govern KelpDAO nor propose any governance token. Although a future governance token is mentioned, no details are provided. We can expect Kelp Miles to play a role in this.

5.1.2 Access Control

KelpDAO uses a role-based access control system.

The timelock contract, which can upgrade contracts, has the following roles:

• PROPOSER_ROLE assigned to the 6/8 external admin multisig.

• CANCELLER_ROLE assigned to the 6/8 external admin multisig.

• EXECUTOR_ROLE is assigned to the zero address, meaning anyone can execute a proposal once the minimum delay has passed.

The External Admin 6/8 multisig with the DEFAULT_ADMIN_ROLE has the following signers, who are all publicly known personas:

• Igal Bini (Partner & Head of Partnerships, Israeli Blockchain Association)

• Lars Rensing (CEO, Protokol, Core Team at Cluster Capital)

• Michael Kam (Investment Partner, Avid VC)

• Amrit Kumar (COO, AltLayer)

• Ramani Ramachandran (CEO, Router Protocol & Dfyn.network)

• Dheeraj Borra

• Gustavo

• Amitej Gajjala

The Kelp Manager 2/5 multisig, with the MANAGER and OPERATOR roles, can execute several lower-security actions like moving funds between contracts and pausing the Protocol. It has the following participants:

• Dheeraj Borra

• Gustavo

• 0x51C59785639CCa31c09D0833749e76A5D945C9F3

• 0x601767c4ba4134cc2E906ea7cf25EaB845152A7C

• 0x0e4B97563723eF7f0a7FDe4c7bD3B17a5bF63fBf

The Kelp Admin 3/5 multisig appears to be an ancient multisig that previously held responsibility for the 6/8 External Admin multisig. It includes the following signers:

• Amitej Gajjala

• Dheeraj Borra

• Gustavo

• 0x601767c4ba4134cc2E906ea7cf25EaB845152A7C

• 0x0e4B97563723eF7f0a7FDe4c7bD3B17a5bF63fBf

The KelpDAO team mentioned their intent to distribute a governance token soon. Although no details are provided, we can expect the External Admin 6/8 multisig to be replaced or restricted by the vote of governance token holders for proposals.

5.1.3 Distribution of Governance Tokens

KelpDAO is currently not a DAO and does not propose a governance token to the public. We expect Kelp Miles to play a role in the future distribution of governance tokens.

5.1.4 Proposals Frequency

There is no forum where proposals and protocol changes are discussed. The KelpDAO team unilaterally decides on the Protocol's direction.

5.1.5 Participation

There is no governance forum nor Snapshot.org page for KelpDAO. Direct communication with the KelpDAO team is possible via a Telegram channel with ~8,800 members, as well as through their Discord server. A quick look at the Discord server shows two moderators and eight private members (KelpDAO team). Discussions are mostly limited to announcements and answering questions from KelpDAO users by the team. We conclude that protocol participation from users is limited, which is echoed by the lack of a DAO and governance token.

5.2 Decentralization of the LRT

5.2.1 Number of Node Operators

Ethereum Consensus Staking

Since KelpDAO accepts ETH deposits, it must operate validators on behalf of its users, similar to other liquid staking protocols. KelpDAO delegates this responsibility to three professional node operators:

• Kiln: 4.52% network penetration.

• AllNodes: 2.98% network penetration.

• Luganodes: 0.34% network penetration.

All are well-known large node operators with a high attestation rate. According to the KelpDAO team, node operators are selected based on their rated. Network metrics and Total Value Locked (TVL) secured.

EigenLayer Re-staking

For re-staking into EigenLayer, KelpDAO currently utilizes Kiln and Luganodes as operators.

5.2.2 Validators per Node Operator

• Kiln: 2600 validators

• AllNodes: 2600 validators

This totals 5,200 validators, representing 165,510 ETH deposited, as shown on the KelpDAO application.

5.2.3 Churn

Until mid-April 2024, the rsETH supply has continuously increased; it has seen some large burn events ever since.

Source: Dune, forked from this query (July 23, 2024)

5.2.4 Distribution Across Geographical Locations

The location of validators operated by Kiln, AllNodes, and Luganodes is not publicly disclosed. However, they are expected to manage their infrastructure in third-party data centers. The use of professional node operators and the centralization they bring to Ethereum is common across most liquid staking protocols.

5.2.5 Node Software Diversity

The KelpDAO team needed to provide a detailed node client diversity metric. However, they indicated that no validator is using the Geth execution client — the only node client above the 33% majority risk ratio, which accounts for 55% of the execution client share. This reduces the probability of KelpDAO validators suffering from correlated slashing.

5.3 Legal

5.3.1 Legal Structure

The user interface accessible at kelpdao.xyz/ and its subdomains, including any accompanying mobile or web applications and smart contracts, are provided by Evercrest Technologies Inc., a company domiciled in Panama, as elucidated by the Kelp team. However, Panama's corporate registry requirements and fee barriers make public data on the company's incorporation details and ownership structure inaccessible.

The inception of Kelp traces back to Amitej Gajjala and Dheeraj Borra, the founders who previously established Stader Labs. It is reasonable to assume these individuals are registered as shareholders and authorized representatives of Evercrest Technologies Inc.

5.3.2 Licenses

The Panamanian legal landscape, as detailed in our ETHx report, remains unchanged. Cryptocurrencies operate unregulated without legal categorization as monetary instruments, securities, official currencies, or digital assets under Panama's jurisdiction.

Since non-custodial staking falls outside current laws and regulations, a similar argument could extend to re-staking, which derives core principles from staking.

While Evercrest Technologies Inc., domiciled in a jurisdiction lacking comprehensive blockchain application regulations, has not sought legal counsel regarding the regulatory status of rsETH, akin to the security qualification opinion obtained by Stader for MATICx. This is not urgent, but the Kelp team remains vigilant regarding potential regulatory implications.

5.3.3 Enforcement Actions

No publicly available information suggests Kelp DAO has faced legal proceedings or enforcement actions initiated by regulators or competent authorities globally.

5.3.4 Sanctions

While Kelp does not actively implement access restrictions at the user interface level, the Terms of Service impose self-acknowledgment conditions that users must adhere to.

By utilizing the Site, App, and Smart Contracts, users represent and warrant that they are not subject to any sanctions administered or enforced by designated authorities, including OFAC, the U.S. Department of State, the United Nations Security Council, the European Union, Her Majesty's Treasury, the Hong Kong Monetary Authority, or the Monetary Authority of Singapore. Furthermore, users confirm that they are not located in, organized by, citizens of, or residents of countries or territories subject to such sanctions, nor are they listed on any sanctioned persons list maintained under these sanctions regimes.

Users acknowledge that any funds or digital assets staked, restaked, or deposited in third-party restaking protocols, Actively Validated Services, or Validator Service Providers are not derived from or related to unlawful activities, including money laundering or terrorist financing. Users further undertake not to utilize the Smart Contracts, Site, or App to finance, engage in, or support any unlawful activities or in a manner that aids or facilitates another party's involvement in such activities.

The company reserves the right to conduct "Know Your Customer" and "Anti-Money Laundering" checks on users if deemed necessary at their sole discretion or if such checks become mandatory under applicable laws in any jurisdiction. The company also retains the right to refuse or terminate a user's current or future use of the Site and App if they provide untrue, inaccurate, outdated, or incomplete information.

5.3.5 Liability Risk

Kelp's App features and Services' scope are thoroughly explained in the Terms of Service. The points that deserve increased user attention are described below.

Kelp operates as a non-custodial protocol, relinquishing control and custody of users' digital assets, which remain under the sole purview of the user through their independently selected wallet service. Kelp bears no responsibility for third-party services or platforms related to wallets, blockchain networks, or restaking protocols, absolving itself of liability for actions or failures of these entities. Users assume full responsibility for the security of their electronic wallets, waiving all claims against Kelp related to wallet use, asset loss, transaction failures, or defects arising from wallet software utilization. The App functions as a client-side, non-custodial smart contract-based solution, facilitating user interactions with third-party restaking protocols, Actively Validated Services (AVS), and validators without Kelp holding users' digital assets, keys, or information, precluding access, recovery, or reversal of transactions.

Kelp dissociates itself from endorsing or advising users regarding Validator Service Providers or AVS, disclaiming responsibility for third-party content or services, and insulating itself from liability for damages or losses arising from interactions with these entities or reliance on information provided.

Operating solely as an administrative platform connecting users with third-party restaking protocols and services, the App disclaims any identity as a financial institution, exchange, custodian, or intermediary. Kelp and its affiliates limit their aggregate liability for any claims related to the App or third-party services to the greater of amounts paid by the user in the preceding 12 months or $200, excluding indirect, incidental, special, consequential, or exemplary damages. Users can contact the Grievance Officer to address concerns or grievances related to Kelp's services or violations of the Terms of Use, with the option to escalate unresolved issues to the relevant supervisory authority or regulatory body.

5.3.6 Adverse Media Check

There are no indications of any adverse media related to KelpDAO, its co-founders, or the operating entity that suggest involvement in unlawful activities such as money laundering, corruption, sanctions exposure, or threat financing.

Section 6: Risk Management

This section will summarize the report's findings by highlighting the most significant risk factors in the three categories: Market Risk, Technology Risk, and Counterparty Risk.

6.1.1 Market Risk

LIQUIDITY: Does the LSD have a liquid market that can facilitate liquidations in all foreseeable market events?

The on-chain liquidity for rsETH is relatively good, with multiple integrations and liquidity venues. The minted rsETH is also relatively spread out among wallets and protocols, with no single EOA concentrating a significant portion of the supply. Top holders include LayerZero, a Zircuit re-staking pool, and a Pendle rsETH fixed-rate market. Liquidity pools with rsETH are either paired with WETH, ETH, ETHx from Stader, or weETH from EtherFi.

VOLATILITY: Has the LSD had any significant depeg event?

The rsETH/ETH secondary market rate has consistently traded at a small discount compared to the protocol's internal exchange rate. However, the peg has recently improved due to the addition of ETH withdrawals and a reduced withdrawal delay from 7 to 2 days. The only significant depeg event was a -1.5% deviation in late April, which quickly corrected. Notably, as rsETH is partially backed by LSDs, its exchange rate with ETH would be affected by any LSD depeg. This is an inherent characteristic of an LRT backed by LSDs, not a fault of Kelp. By using the internal exchange rates of LSDs, KelpDAO provides rsETH/ETH with a more stable exchange rate.

6.1.2 Technology Risk

SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?

KelpDAO has conducted three audits on its codebase from renowned auditors. Although no serious flaws were revealed, some fixes were made. The codebase is public on GitHub, well-documented, and shows professional development practices. However, online development activity is limited to a few commits; no PRs or tagged releases are visible. A Code4rena audit competition allowed anyone to disclose vulnerabilities, but the total reward was limited to $28k, which is low compared to industry standards. Kelp has stated that a bug bounty program will be implemented shortly, which we consider crucial before onboarding.

DEPENDENCIES: Does the analysis of dependencies (e.g., oracles) suggest any cause for concern?

KelpDAO directly depends on the internal exchange rates of ETHx and uses a hardcoded exchange rate of 1 for stETH. While beneficial for exchange rate stability, this could enable an arbitrage attack if one of the supported LSDs were to depeg. The KelpDAO team has provided a mitigation strategy, but it remains imperfect and could still result in a net loss for KelpDAO users in some cases. The implementation of a circuit breaker should improve this issue. The rsETH/ETH exchange rate, used for deposits and withdrawals, relies on the price of its underlying assets.

KelpDAO also relies on off-chain services for some aspects of the protocol. These services operate through an EOA whose private keys are stored in an AWS secret manager, authenticated using a role-based access control system. Although no funds can be stolen if the private keys leak, a more robust and secure approach is warranted. A decentralized set of off-chain services with an on-chain threshold consensus could enhance reliability and security.

6.1.3 Counterparty Risk

CENTRALIZATION: Are there any significant centralization vectors that could rug users?

KelpDAO remains very centralized, with the development team having significant power over contract upgrades, protocol parameters, and total control over the off-chain services needed for minting and withdrawals to work correctly. There is no DAO nor governance tokens. Communication mediums for users exist, including Twitter, Telegram, and Discord, but they mostly serve marketing and support purposes. However, a role-based access control system and two different multisigs, along with a timelock with a 10-day delay for contract upgrades, provide a solid foundation upon which more decentralization should be built.

LEGAL: Does the legal analysis of the Protocol suggest any cause for concern?

Kelp’s Terms of Service require users to self-acknowledge compliance with sanctions and ensure their funds are not linked to illegal activities. However, Kelp does not enforce access restrictions at the user interface level. Users must confirm they are not sanctioned or from sanctioned regions and agree not to use Kelp for unlawful purposes. Kelp may conduct "Know Your Customer" and "Anti-Money Laundering" checks and terminate services if users provide false information.

Advertised as a non-custodial protocol—even though the protocol is relatively centralized with the team having control over it — KelpDAO claims that users are fully responsible for their digital assets and wallet security, with Kelp bearing no liability for third-party services or issues arising from wallet use. While the terms of services are clear, the Panama incorporation results in a lack of regulatory clarity.

6.1.4 Risk Rating

The following chart summarizes a risk rating for rsETH as collateral based on the risks identified for each category. The rating for each category is ranked from excellent, good, ok, and poor.

• We rank rsETH good in liquidity for the many liquidity venues that provide it. The existence of DEX pools paired with ETHx, based on the team's relationship with Stader, is a plus.

• We rank rsETH good in volatility because the quality of its peg has increased consistently. The only depeg event was short-lived and limited in strength.

• We rank rsETH ok in smart contracts because of the limited number of issues in the three publicly available audit reports. The code source is public, well-documented, and professional. However, the lack of a bounty is a significant issue, given the importance of TVL.

• We rank rsETH poor in dependencies because of using a fixed exchange rate for stETH and internal exchange rates for ETHx, potentially socializing specific asset risks between all depositors. The lack of transparency regarding off-chain services is also a cause for concern. Although essential to the correct operation of the protocol, they are operated in a centralized way through EOAs.

• We rank rsETH ok in decentralization because the team still has significant control over the protocol, and there is no clear path to decentralization. Validators are trusted by three professional node operators, which is good but could be greater. The role-based access control system, the multisigs, and the Timelock are positive.

• We rank rsETH good in legal for establishing a fully compliant legal structure in the Panama Islands. Although user terms are clear, there still needs to be regulatory clarity from Panama's securities laws.