Node Operator Assessment: P2P

Node Operator Assessment: P2P

Node Operator Assessment: P2P

YieldNestRisk

Jul 14, 2024

Useful Links

This report is conducted by the YieldNest independent risk and research team operated by Llama Risk in support of its node operator onboarding process. In this report, we examine P2P, a professional node operator.

This report provides insights into the operational practices, historical performance, and relevant risk factors of P2P as a restaking service provider. Our approach involves both quantitative and qualitative analysis to help inform the YieldNest community about making restaked ETH delegation decisions.

Section 1: Operator Introduction

This section addresses the fundamentals of the Node Operator. It contains descriptive elements that provide an introduction to the service provider.

1.1. Service Offering

P2P.org is a platform that provides secure and efficient staking opportunities for cryptocurrency holders. It is a staking-as-a-service (SaaS) solution provider. The platform provides non-custodial staking services across a variety of networks, allowing users to delegate tokens exclusively to the P2P StaaS platform. In this manner, users maintain complete ownership of delegated tokens, receive increased staking rewards, and benefit from P2P.org management.

The platform also provides a diverse selection of staking products, real-time data services for proof-of-stake networks, tools for Web3 development, monitoring tools (dashboard), and related educational content. Currently, the 250 professionals at P2P.org are committed to advancing Proof-of-Stake (PoS) technology and improving user experiences.

In addition to staking services, P2P.org represents delegators in governance decisions across supported networks, actively promoting their interests.

Source: P2P Product Section

1.2. Staking Service Provider Longevity

P2P.org was founded in September 2018, but the team has actively operated in the blockchain space since 2013.

1.3. Team

Source: LinkedIn

1.4. Investors

On April 20, 2023, P2P.org raised $23 million in Series A funding from investors, including Jump Crypto, Bybit, and Sygnum.

In turn, P2P has conducted 3 raises:

  • Apr 24, 2023 - Rise - seed round - $3.8m

  • Jan 25, 2023 - Intropia - angel round - N/A

  • Jan 20, 2023 - Architect - seed round - $5m

Source: RootData | Date: 6/27/2024

1.5. Communication and Engagement

P2P.org maintains an active blog where they publish insights, guides, and news about developments. The organization frequently posts updates about network changes, partnerships, and product enhancements.

On top of regular publications, high user engagement is maintained through active social media interaction, and direct email communication.

Section 2: Business Sustainability

This section goes into further detail about the node operator business model, including its revenue streams and industry partnerships. This information should provide insight into the sustainability of the operator's business.

2.1. Business Model

P2P.org offers a range of Staking-as-a-Service (SaaS) products for institutions, custodians, wallets, and exchanges. The ETH staking app allows non-custodial, KYC-free staking for Ethereum with a minimum of 32 ETH. It features an auto-staking function through smart contracts and provides a personal dashboard for performance monitoring. The Staking API allows clients to integrate advanced staking capabilities, while the Staking Data API offers near real-time staking data integration. P2P.org's Data Services product offers staking-data analytics and insights from over 40+ chains and 10+ DeFi protocols.

Staking-as-a-Business (StaaB) by P2P.org is designed to support the core business operations of enterprises by integrating staking services into their existing frameworks. This solution leverages P2P.org's comprehensive infrastructure, stringent security measures, and round-the-clock support to provide a seamless staking experience. SaaB targets institutions, custodians, wallets, and exchanges, offering them the ability to launch profitable revenue streams through staking. The platform includes features such as real-time data access, extensive compliance support, and a user-friendly dashboard that simplifies monitoring and reporting. Additionally, SaaB emphasizes partnership, providing dedicated business, legal, and marketing support to ensure successful integration and operation. With SaaB, businesses can enhance their offerings, attract new users, and maximize their staking rewards, all while maintaining high standards of security and reliability.

Source: P2P.org

2.2. Revenue Streams

P2P caters primarily to institutional clients such as exchanges, custodians, investment funds, wallets, private investors, RaaS platforms, and L1/L2 networks. Under the established business-to-business (B2B) model different projects are allowed to integrate P2P staking pools on their front-end. While not excluding retail investors, P2P's focus on institutional clients is evident in its minimum staking requirement of 32 ETH to deploy one ETH validator on the platform.

With a client base of over 150 institutional entities, P2P has solidified its standing in the industry. The platform offers staking services for more than 40 different blockchain networks.

1. ETH Staking App

P2P's ETH staking platform provides users with a seamless and secure way to participate in Ethereum staking, offering various features to enhance their staking experience and potential rewards. The staking process is completely non-custodial, as the participation requirement is set at a minimum of 32 ETH, required to spin up 1 validator.

Key features of the ETH staking dApp include aslo EigenLayer restaking, and soon-to-be-introduced SSV DVT staking. EigenLayer restaking enables users to leverage their existing ETH stakes to secure AVSs and earn extra rewards, providing an opportunity to maximize their staking potential. Additionally, the upcoming SSV DVT staking feature will offer fault tolerance and potentially higher returns through distributed validator technology, with up to 5.6% APR plus SSV token incentives.

2. Staking API

P2P Staking API is a robust and comprehensive solution designed to integrate staking capabilities into the products of institutions, custodians, wallets, and exchanges. This API allows clients to supercharge their offerings by leveraging P2P's advanced staking infrastructure, stringent security measures, and extensive support services.

3. Staking Data API and Data Services

The Staking Data API provides a seamless and efficient way to integrate near real-time staking data into your applications. Designed for institutions, custodians, wallets, and exchanges, this API offers access to comprehensive, up-to-the-minute data across all major Proof-of-Stake (PoS) blockchains through a unified interface.

P2P's Data Services product provides comprehensive staking-data analytics and insights, designed to empower builders, decision-makers, and developers in the web3 space. This service covers data from over 40+ chains and 10+ DeFi protocols, ensuring a wide array of actionable insights.

2.3. Pricing Model and Fee Structure

P2P.org offers staking services with varying fees depending on the network. For native ETH staking, the fee is 5% of the rewards, regardless of the staked amount. Additionally, P2P.org charges 8% for ATOM staking, 7% for APT staking, and 10% for AXL staking. Both EigenLayer restaking and SSV DVT have a provider provision of 8%.

2.4. Partnerships

P2P is well-partnered:

  • P2P.org teams up with Matrixport to offer staking infrastructure.

  • P2P.org joins forces with Fordefi for enhanced direct staking solutions.

  • P2P.org announces collaboration with Cryptology for enhanced ETH, DOT, KSM, NEAR and GRT staking.

  • CoolWallet partners with P2P.org to offer Polkadot DOT Staking

  • P2P.org and SSV team up to simplify institutional participation

  • P2P.org partners with PrimeStaked for enhanced Ethereum restaking solutions

  • HAQQ and P2P.org: a strategic alliance to power decentralized trading via enhanced SushiSwap integration and advanced graph services

Section 3: Regulatory Compliance

This section outlines the legal status of the operator, including specific conditions to its chosen jurisdiction, and the obligations those impart to its customers. It serves to clarify the likelihood of adverse regulatory conditions that may threaten the operator's service offerings and to understand user assurances.

3.1. Legal and Regulatory Compliance

P2P Terms of Use lack clarity regarding the operating entity responsible for providing a wide range of services, including validator services.

The dispute resolution clause of the Terms specifies that any unresolved disputes will be settled by the court of competent jurisdiction in Seychelles. This provision could be construed as an indication of the jurisdiction of incorporation for the P2P legal entity. However, this contrasts with the information provided in the Privacy Policy, which identifies P2P Staking as the legal entity incorporated under the laws of the Cayman Islands.

While the Pitchbook profile of P2P and the Web3 Foundation grants program also reference the Cayman Islands as the country of establishment, we are unable to freely access and validate incorporation details due to the fee-gated nature of the business registry in the Cayman Islands.

3.2. Jurisdictional Considerations

Staking services, particularly non-custodial staking, are currently not explicitly regulated in both Seychelles and the Cayman Islands. As of the date of this review, there are no official indications that regulatory consultations or other forms of regulatory analysis are being conducted with regard to the future regulation of these activities.

3.3. Transparency

Terms of Use provide definitions of “User Funds”, i.e. "Cryptocurrencies controlled by User or delegated to P2P Staking’s control but ultimately belonging to User" and “Validator Rewards”, i.e. "Cryptocurrency generated by operating Validator Nodes, including, but not limited to, block rewards, endorser rewards, transaction fees and any other direct payments as a result of operating a Validator Node".

P2P commitments are clearly outlined. P2P Staking is responsible for maintaining all necessary hardware, software, connectivity, technological infrastructure, management, and supervision required to deploy Validator Nodes. Users may utilize their cryptocurrencies to support P2P Staking's status as a Delegated Staking Validator. Validator Rewards generated by the Staking Validators will be distributed among users who designate their cryptocurrencies to support P2P Staking, in proportion to the amount of cryptocurrency designated.

Users have complete discretion over whether and how much cryptocurrencies to designate towards supporting P2P Staking's status as a Delegated Validator. Users must manage the designation of cryptocurrencies responsibly, considering the nature of blockchain systems and staying informed about operations and current events relevant to their designations.

3.4. Disclaimers

The Site and Services provided by P2P Staking are offered "as is" without any warranties, whether express or implied, including those related to merchantability, fitness for a particular purpose, and non-infringement. P2P Staking, its affiliates, and service providers are not liable for any claims, damages, or other liabilities arising from the use of the Site and Services. This includes, but is not limited to, losses related to software use, data corruption, system failures, security breaches, and any consequential or punitive damages, regardless of foreseeability.

They are not liable for errors, personal injury, unauthorized access to secure servers, transmission interruptions, or malware. P2P Staking also reserves the right to suspend or prevent access to the Site and Services at their discretion, especially in cases of non-compliance with the Terms or applicable laws.

Section 4: Security Protocols

This section delves into the security documentation of the operator and assesses the protective measures established for delegators. It also examines the security protocols that are implemented and followed, as well as the audits that are carried out. Furthermore, the staking infrastructure is assessed from a security perspective. On the operational side, the focus is on the maintenance of validators and the designs concerning AVS selection.

4.1. Delegator Insurance

P2P.org purports to provide comprehensive protection against slashing with its unique slashing coverage options for all clients, as well as optional slashing insurance. However, none of these statements can be substantiated by examination of the available documentation and other sources related to P2P.

Source: P2P.org

4.2. Internal Security Protocols

  • Key Management (Private Key Policy)

P2P owns validator private keys and claims to guarantee that it will protect those keys according to highest standard - through Threshold signatures, a solution that is adopted by leading custodians.

  • Compliance Certificates (ISO, SOC 2)

In January 2024 P2P completed the SOC 2 Type I audit. P2P is in the process of preparing audit P2P.org collaborated with KirkpatrickPrice.

According to the blog announcement: "we partnered with KirkpatrickPrice, a licensed CPA firm, PCI QSA, and HITRUST CSF Assessor with over eighteen years of experience that has carried out over 20,000 audits. The audit assesses the design and implementation of P2P.org internal controls related to our systems' security, availability, processing integrity, confidentiality, and privacy."

  • Internal Security Controls

Specific details are not disclosed. Nonetheless, SOC2 certification endorses the organization's dedication to high security standards and data protection.

  • Third-party audit reports

Smart Contract audits for ETH Staking app done by MixBytes:

4.3. Node and Staking Infrastructure

  • Validator Infrastructure

The Terms of Use don't explicitly state whether the validator infrastructure is self-maintained by the service provider or if they utilize third-party cloud infrastructure.

When asked about the staking infrastructure, specifically about the type of validators in use (dedicated or shared), the support team responded that such an inquiry shall be subject to information exchange under NDA:

Source: P2P.org

  • Geographically diversification

Information is not available. P2P may rely on a centralized provider such as Google Cloud or Cloudflare Hosting. This reliance on a centralized provider inevitably shifts the distribution of servers to the discretion of the third-party provider. As a result, the geographical diversity and distribution of the infrastructure may be influenced by the policies and practices of the chosen provider.

  • Client diversification

Source: Rated.Network | Date: 6/27/2024

4.4. Validators Maintenance

The Validator Monitoring service has been enabled for Polkadot and Kusama, thanks to the support of the Web 3 Foundation grant. The service provides real-time data tracking features that are currently exclusive to these networks, as Ethereum is currently not supported.

4.5. Node Operator Approach to AVS Selection

P2P operators and entities utilizing P2P staking service infrastructure are outlined in the table below. P2P.org has two dedicated operators responsible for securing all AVSs and all Altlayer-specific AVSs.

Additionally, Ether.fi, Eigenpie, and Renzo are prominent users of P2P's SaaS products.

Source: EigenLayer - Operators

Source: EigenLayer - Operators

Section 5: On-chain Performance

This section focuses on sources that attest to the on-chain track record of the operator, providing valuable insights into their historical performance and behavior. By observing on-chain data, a deeper understanding of the operator's track record and their reliability can be gained.

Over a trailing 30-day period, P2P.org has performed in the top 35% as calculated by Rated.Network's "Rated Effectiveness Rating" (RAVER), a composite scoring metric of operator performance in their deterministic responsibilities.

Source: Rated.Network | Date: 6/27/2024

The following data reflect P2P.org's track record of historical performance as per Rated Network (Rated Network metrics - P2P), 30-day window as of June 22, 2024.

Source: Rated network

P2P.org Staking pool: P2P.org operator is distinguished by having the highest APR compared to Lido/Etherfi/Ledger operators

Source: Rated Network

P2P.org has largest Native Restaking ETH market share (12.12%)

Source: Rated Network

P2P.org representative is also one of the EigenLayer 9/13 community multi-sig signers:

Source: EigenLayer docs

Conclusion

P2P.org emerges as a well-established and reputable player in the staking industry, with a track record dating back to 2013. The company offers a comprehensive suite of staking services, catering primarily to institutional clients, which suggests a focus on high-value, sophisticated customers. P2P.org's recent completion of the SOC 2 Type I audit demonstrates a commitment to maintaining robust security protocols and data protection measures. However, the lack of publicly available details regarding their internal security controls and validator infrastructure raises some concerns about transparency. The company's reliance on a potentially centralized cloud provider for their infrastructure could introduce geographical concentration risks. While P2P.org claims to offer comprehensive slashing protection, the absence of verifiable documentation to support this claim warrants caution. The company's client diversification data shows a heavy reliance on the Prysm client, which could potentially increase systemic risks.

On the positive side, P2P.org's performance metrics, including their top 35% Rated ranking and high APR for their staking pool, indicate strong operational efficiency. The organization's significant market share in Native Restaking ETH further underscores its prominence.

Further to the above, YieldNest Risk upholds the YieldNest decision to make a delegation to P2P.org, recognizing its overall strong position in the market and demonstrated operational capabilities. However, we strongly advise YieldNest to remain vigilant and attentive to the highlighted downsides, particularly the lack of transparency in certain areas and the potential risks associated with infrastructure centralization.

Useful Links

This report is conducted by the YieldNest independent risk and research team operated by Llama Risk in support of its node operator onboarding process. In this report, we examine P2P, a professional node operator.

This report provides insights into the operational practices, historical performance, and relevant risk factors of P2P as a restaking service provider. Our approach involves both quantitative and qualitative analysis to help inform the YieldNest community about making restaked ETH delegation decisions.

Section 1: Operator Introduction

This section addresses the fundamentals of the Node Operator. It contains descriptive elements that provide an introduction to the service provider.

1.1. Service Offering

P2P.org is a platform that provides secure and efficient staking opportunities for cryptocurrency holders. It is a staking-as-a-service (SaaS) solution provider. The platform provides non-custodial staking services across a variety of networks, allowing users to delegate tokens exclusively to the P2P StaaS platform. In this manner, users maintain complete ownership of delegated tokens, receive increased staking rewards, and benefit from P2P.org management.

The platform also provides a diverse selection of staking products, real-time data services for proof-of-stake networks, tools for Web3 development, monitoring tools (dashboard), and related educational content. Currently, the 250 professionals at P2P.org are committed to advancing Proof-of-Stake (PoS) technology and improving user experiences.

In addition to staking services, P2P.org represents delegators in governance decisions across supported networks, actively promoting their interests.

Source: P2P Product Section

1.2. Staking Service Provider Longevity

P2P.org was founded in September 2018, but the team has actively operated in the blockchain space since 2013.

1.3. Team

Source: LinkedIn

1.4. Investors

On April 20, 2023, P2P.org raised $23 million in Series A funding from investors, including Jump Crypto, Bybit, and Sygnum.

In turn, P2P has conducted 3 raises:

  • Apr 24, 2023 - Rise - seed round - $3.8m

  • Jan 25, 2023 - Intropia - angel round - N/A

  • Jan 20, 2023 - Architect - seed round - $5m

Source: RootData | Date: 6/27/2024

1.5. Communication and Engagement

P2P.org maintains an active blog where they publish insights, guides, and news about developments. The organization frequently posts updates about network changes, partnerships, and product enhancements.

On top of regular publications, high user engagement is maintained through active social media interaction, and direct email communication.

Section 2: Business Sustainability

This section goes into further detail about the node operator business model, including its revenue streams and industry partnerships. This information should provide insight into the sustainability of the operator's business.

2.1. Business Model

P2P.org offers a range of Staking-as-a-Service (SaaS) products for institutions, custodians, wallets, and exchanges. The ETH staking app allows non-custodial, KYC-free staking for Ethereum with a minimum of 32 ETH. It features an auto-staking function through smart contracts and provides a personal dashboard for performance monitoring. The Staking API allows clients to integrate advanced staking capabilities, while the Staking Data API offers near real-time staking data integration. P2P.org's Data Services product offers staking-data analytics and insights from over 40+ chains and 10+ DeFi protocols.

Staking-as-a-Business (StaaB) by P2P.org is designed to support the core business operations of enterprises by integrating staking services into their existing frameworks. This solution leverages P2P.org's comprehensive infrastructure, stringent security measures, and round-the-clock support to provide a seamless staking experience. SaaB targets institutions, custodians, wallets, and exchanges, offering them the ability to launch profitable revenue streams through staking. The platform includes features such as real-time data access, extensive compliance support, and a user-friendly dashboard that simplifies monitoring and reporting. Additionally, SaaB emphasizes partnership, providing dedicated business, legal, and marketing support to ensure successful integration and operation. With SaaB, businesses can enhance their offerings, attract new users, and maximize their staking rewards, all while maintaining high standards of security and reliability.

Source: P2P.org

2.2. Revenue Streams

P2P caters primarily to institutional clients such as exchanges, custodians, investment funds, wallets, private investors, RaaS platforms, and L1/L2 networks. Under the established business-to-business (B2B) model different projects are allowed to integrate P2P staking pools on their front-end. While not excluding retail investors, P2P's focus on institutional clients is evident in its minimum staking requirement of 32 ETH to deploy one ETH validator on the platform.

With a client base of over 150 institutional entities, P2P has solidified its standing in the industry. The platform offers staking services for more than 40 different blockchain networks.

1. ETH Staking App

P2P's ETH staking platform provides users with a seamless and secure way to participate in Ethereum staking, offering various features to enhance their staking experience and potential rewards. The staking process is completely non-custodial, as the participation requirement is set at a minimum of 32 ETH, required to spin up 1 validator.

Key features of the ETH staking dApp include aslo EigenLayer restaking, and soon-to-be-introduced SSV DVT staking. EigenLayer restaking enables users to leverage their existing ETH stakes to secure AVSs and earn extra rewards, providing an opportunity to maximize their staking potential. Additionally, the upcoming SSV DVT staking feature will offer fault tolerance and potentially higher returns through distributed validator technology, with up to 5.6% APR plus SSV token incentives.

2. Staking API

P2P Staking API is a robust and comprehensive solution designed to integrate staking capabilities into the products of institutions, custodians, wallets, and exchanges. This API allows clients to supercharge their offerings by leveraging P2P's advanced staking infrastructure, stringent security measures, and extensive support services.

3. Staking Data API and Data Services

The Staking Data API provides a seamless and efficient way to integrate near real-time staking data into your applications. Designed for institutions, custodians, wallets, and exchanges, this API offers access to comprehensive, up-to-the-minute data across all major Proof-of-Stake (PoS) blockchains through a unified interface.

P2P's Data Services product provides comprehensive staking-data analytics and insights, designed to empower builders, decision-makers, and developers in the web3 space. This service covers data from over 40+ chains and 10+ DeFi protocols, ensuring a wide array of actionable insights.

2.3. Pricing Model and Fee Structure

P2P.org offers staking services with varying fees depending on the network. For native ETH staking, the fee is 5% of the rewards, regardless of the staked amount. Additionally, P2P.org charges 8% for ATOM staking, 7% for APT staking, and 10% for AXL staking. Both EigenLayer restaking and SSV DVT have a provider provision of 8%.

2.4. Partnerships

P2P is well-partnered:

  • P2P.org teams up with Matrixport to offer staking infrastructure.

  • P2P.org joins forces with Fordefi for enhanced direct staking solutions.

  • P2P.org announces collaboration with Cryptology for enhanced ETH, DOT, KSM, NEAR and GRT staking.

  • CoolWallet partners with P2P.org to offer Polkadot DOT Staking

  • P2P.org and SSV team up to simplify institutional participation

  • P2P.org partners with PrimeStaked for enhanced Ethereum restaking solutions

  • HAQQ and P2P.org: a strategic alliance to power decentralized trading via enhanced SushiSwap integration and advanced graph services

Section 3: Regulatory Compliance

This section outlines the legal status of the operator, including specific conditions to its chosen jurisdiction, and the obligations those impart to its customers. It serves to clarify the likelihood of adverse regulatory conditions that may threaten the operator's service offerings and to understand user assurances.

3.1. Legal and Regulatory Compliance

P2P Terms of Use lack clarity regarding the operating entity responsible for providing a wide range of services, including validator services.

The dispute resolution clause of the Terms specifies that any unresolved disputes will be settled by the court of competent jurisdiction in Seychelles. This provision could be construed as an indication of the jurisdiction of incorporation for the P2P legal entity. However, this contrasts with the information provided in the Privacy Policy, which identifies P2P Staking as the legal entity incorporated under the laws of the Cayman Islands.

While the Pitchbook profile of P2P and the Web3 Foundation grants program also reference the Cayman Islands as the country of establishment, we are unable to freely access and validate incorporation details due to the fee-gated nature of the business registry in the Cayman Islands.

3.2. Jurisdictional Considerations

Staking services, particularly non-custodial staking, are currently not explicitly regulated in both Seychelles and the Cayman Islands. As of the date of this review, there are no official indications that regulatory consultations or other forms of regulatory analysis are being conducted with regard to the future regulation of these activities.

3.3. Transparency

Terms of Use provide definitions of “User Funds”, i.e. "Cryptocurrencies controlled by User or delegated to P2P Staking’s control but ultimately belonging to User" and “Validator Rewards”, i.e. "Cryptocurrency generated by operating Validator Nodes, including, but not limited to, block rewards, endorser rewards, transaction fees and any other direct payments as a result of operating a Validator Node".

P2P commitments are clearly outlined. P2P Staking is responsible for maintaining all necessary hardware, software, connectivity, technological infrastructure, management, and supervision required to deploy Validator Nodes. Users may utilize their cryptocurrencies to support P2P Staking's status as a Delegated Staking Validator. Validator Rewards generated by the Staking Validators will be distributed among users who designate their cryptocurrencies to support P2P Staking, in proportion to the amount of cryptocurrency designated.

Users have complete discretion over whether and how much cryptocurrencies to designate towards supporting P2P Staking's status as a Delegated Validator. Users must manage the designation of cryptocurrencies responsibly, considering the nature of blockchain systems and staying informed about operations and current events relevant to their designations.

3.4. Disclaimers

The Site and Services provided by P2P Staking are offered "as is" without any warranties, whether express or implied, including those related to merchantability, fitness for a particular purpose, and non-infringement. P2P Staking, its affiliates, and service providers are not liable for any claims, damages, or other liabilities arising from the use of the Site and Services. This includes, but is not limited to, losses related to software use, data corruption, system failures, security breaches, and any consequential or punitive damages, regardless of foreseeability.

They are not liable for errors, personal injury, unauthorized access to secure servers, transmission interruptions, or malware. P2P Staking also reserves the right to suspend or prevent access to the Site and Services at their discretion, especially in cases of non-compliance with the Terms or applicable laws.

Section 4: Security Protocols

This section delves into the security documentation of the operator and assesses the protective measures established for delegators. It also examines the security protocols that are implemented and followed, as well as the audits that are carried out. Furthermore, the staking infrastructure is assessed from a security perspective. On the operational side, the focus is on the maintenance of validators and the designs concerning AVS selection.

4.1. Delegator Insurance

P2P.org purports to provide comprehensive protection against slashing with its unique slashing coverage options for all clients, as well as optional slashing insurance. However, none of these statements can be substantiated by examination of the available documentation and other sources related to P2P.

Source: P2P.org

4.2. Internal Security Protocols

  • Key Management (Private Key Policy)

P2P owns validator private keys and claims to guarantee that it will protect those keys according to highest standard - through Threshold signatures, a solution that is adopted by leading custodians.

  • Compliance Certificates (ISO, SOC 2)

In January 2024 P2P completed the SOC 2 Type I audit. P2P is in the process of preparing audit P2P.org collaborated with KirkpatrickPrice.

According to the blog announcement: "we partnered with KirkpatrickPrice, a licensed CPA firm, PCI QSA, and HITRUST CSF Assessor with over eighteen years of experience that has carried out over 20,000 audits. The audit assesses the design and implementation of P2P.org internal controls related to our systems' security, availability, processing integrity, confidentiality, and privacy."

  • Internal Security Controls

Specific details are not disclosed. Nonetheless, SOC2 certification endorses the organization's dedication to high security standards and data protection.

  • Third-party audit reports

Smart Contract audits for ETH Staking app done by MixBytes:

4.3. Node and Staking Infrastructure

  • Validator Infrastructure

The Terms of Use don't explicitly state whether the validator infrastructure is self-maintained by the service provider or if they utilize third-party cloud infrastructure.

When asked about the staking infrastructure, specifically about the type of validators in use (dedicated or shared), the support team responded that such an inquiry shall be subject to information exchange under NDA:

Source: P2P.org

  • Geographically diversification

Information is not available. P2P may rely on a centralized provider such as Google Cloud or Cloudflare Hosting. This reliance on a centralized provider inevitably shifts the distribution of servers to the discretion of the third-party provider. As a result, the geographical diversity and distribution of the infrastructure may be influenced by the policies and practices of the chosen provider.

  • Client diversification

Source: Rated.Network | Date: 6/27/2024

4.4. Validators Maintenance

The Validator Monitoring service has been enabled for Polkadot and Kusama, thanks to the support of the Web 3 Foundation grant. The service provides real-time data tracking features that are currently exclusive to these networks, as Ethereum is currently not supported.

4.5. Node Operator Approach to AVS Selection

P2P operators and entities utilizing P2P staking service infrastructure are outlined in the table below. P2P.org has two dedicated operators responsible for securing all AVSs and all Altlayer-specific AVSs.

Additionally, Ether.fi, Eigenpie, and Renzo are prominent users of P2P's SaaS products.

Source: EigenLayer - Operators

Source: EigenLayer - Operators

Section 5: On-chain Performance

This section focuses on sources that attest to the on-chain track record of the operator, providing valuable insights into their historical performance and behavior. By observing on-chain data, a deeper understanding of the operator's track record and their reliability can be gained.

Over a trailing 30-day period, P2P.org has performed in the top 35% as calculated by Rated.Network's "Rated Effectiveness Rating" (RAVER), a composite scoring metric of operator performance in their deterministic responsibilities.

Source: Rated.Network | Date: 6/27/2024

The following data reflect P2P.org's track record of historical performance as per Rated Network (Rated Network metrics - P2P), 30-day window as of June 22, 2024.

Source: Rated network

P2P.org Staking pool: P2P.org operator is distinguished by having the highest APR compared to Lido/Etherfi/Ledger operators

Source: Rated Network

P2P.org has largest Native Restaking ETH market share (12.12%)

Source: Rated Network

P2P.org representative is also one of the EigenLayer 9/13 community multi-sig signers:

Source: EigenLayer docs

Conclusion

P2P.org emerges as a well-established and reputable player in the staking industry, with a track record dating back to 2013. The company offers a comprehensive suite of staking services, catering primarily to institutional clients, which suggests a focus on high-value, sophisticated customers. P2P.org's recent completion of the SOC 2 Type I audit demonstrates a commitment to maintaining robust security protocols and data protection measures. However, the lack of publicly available details regarding their internal security controls and validator infrastructure raises some concerns about transparency. The company's reliance on a potentially centralized cloud provider for their infrastructure could introduce geographical concentration risks. While P2P.org claims to offer comprehensive slashing protection, the absence of verifiable documentation to support this claim warrants caution. The company's client diversification data shows a heavy reliance on the Prysm client, which could potentially increase systemic risks.

On the positive side, P2P.org's performance metrics, including their top 35% Rated ranking and high APR for their staking pool, indicate strong operational efficiency. The organization's significant market share in Native Restaking ETH further underscores its prominence.

Further to the above, YieldNest Risk upholds the YieldNest decision to make a delegation to P2P.org, recognizing its overall strong position in the market and demonstrated operational capabilities. However, we strongly advise YieldNest to remain vigilant and attentive to the highlighted downsides, particularly the lack of transparency in certain areas and the potential risks associated with infrastructure centralization.

Our Service

Risk Assessment

Advisory

Simulation

Legal Consultation

Strategy Management

Research

AaveRisk

LlamaRisk

PrismaRisk

ReserveRisk

YieldNestRisk

Contact Us

Analytics

Risk Monitor Portal

© 2023 Llama Risk. All rights reserved.

Privacy Policy

Terms of Service

Our Service

Risk Assessment

Advisory

Simulation

Legal Consultation

Strategy Management

Research

AaveRisk

LlamaRisk

PrismaRisk

ReserveRisk

YieldNestRisk

Contact Us

Analytics

Risk Monitor Portal

© 2023 Llama Risk. All rights reserved.

Privacy Policy

Terms of Service

© 2023 Llama Risk. All rights reserved.

Privacy Policy

Terms of Service

Our Service

Risk Assessment

Advisory

Simulation

Legal Consultation

Strategy Management

Research

AaveRisk

LlamaRisk

PrismaRisk

ReserveRisk

YieldNestRisk

Contact Us

Analytics

Risk Monitor Portal

© 2023 Llama Risk. All rights reserved.

Privacy Policy

Terms of Service