Following a thorough review of the ezETH price cap adapter smart contract, we can confirm the oracle is secure for use.
The contract operates similarly to other LST price cap oracles, and after tracing its design to the Renzo implementation, we verified that the contract correctly returns price data in the expected economic units of [base_currency]/[LST], maintaining the precision of the ETH-USD Chainlink oracle decimals.
In particular, we focused on BGD’s concern regarding the possibility of inflating ezETH’s valuation through donation attacks.
BGD rightly notes that this type of manipulation could harm Aave users if ezETH were borrowable. By artificially inflating the price of the LST through ETH donations, an attacker could trigger liquidations, profiting from the discounted auction of collateral. As long as ezETH remains non-borrowable, the potential for such an attack is, of course, nullified.
When ezETH is used as collateral, the scenario is unfavorable for an attacker. The cost of inflating the price through donations is higher than the benefit gained from increased borrowing power, even under the most extreme conditions (e.g., holding 100% of ezETH supply). For any realistic holding fraction, the cost-benefit ratio of this attack strategy diminishes further, making it economically unviable.
In conclusion, we are confident that the price cap adapter is robust against donation-based price manipulation, and no significant risk to the protocol has been identified.
We attached mathematical reasoning of our conclusion for the collateral safety:
ezETH Price Cap Adapter.pdf (99.9 KB)