[ARFC] Onboard ezETH to Arbitrum and Base Instances

Governance General
3

Summary

LlamaRisk supports the proposal to add ezETH to the Arbitrum and Base instances. The liquidity available on those two chains is small but sufficient and varied enough for bootstrapping new markets. The success of the ezETH onboarding on the Ethereum Lido instance, which quickly reached 100% supply utilization thanks to the CianProtocol leverage-yield integration, bodes well for the potential onboarding of ezETH. Although our calculated recommended supply and borrow caps are slightly lower, we align with the parameters recommended by @ChaosLabs.

Both Arbitrum and Base also benefit from an L2 native re-staking capabilities from Connext and ChainLink CCIP, allowing users to directly mint ezETH in Renzo on L2 without needing them to bridge the asset, which helps bootstrap ezETH’s presence there.

While the access control mechanisms on Arbitrum and Base are sufficient, we recommend that the Renzo team implements a timelock for non-emergency administrative functions to enhance security. This would provide additional transparency and protection while maintaining the ability to respond quickly to emergencies.

Detailed analysis below

Detailed analysis

LlamaRisk initially conducted a complete review of ezETH on May 24th, 2024, and found it to lack the qualities necessary for it to be used as collateral. On August 2nd, 2024, we did a second review for the onboarding of ezETH as collateral on the Aave V3 Lido instance and found significant improvements in terms of decentralization, access control, and market stability. At that time, we endorsed ezETH as collateral, and our positive outlook has remained.

Access control risk

Renzo leverages Connext Network and ChainLink CCIP to offer native re-staking on various L2s, including Arbitrum and Base. Users can swap ETH/WETH for ezETH directly from the protocol with the internal exchange rate of the protocol. Later, the Renzo-controlled smart contracts on L2 will send the deposited ETH/WETH to the Renzo protocol on L1 to be re-staked. Minting ezETH through Connext on L2 is not free, with a 5bpp bridging fee, a 5bpp gas fee, and a variable % slippage for converting to nextWETH, the internal asset used by Connext for bridging ETH.

Native re-staking deposits on L2 should help grow ezETH liquidity and use cases on the supported L2s and reduce user friction. It is important to note that ezETH can only be minted through this solution and not redeemed for ETH/WETH. They would have to use secondary markets for that. Therefore, the bridge contracts on L2 cannot be used as additional, instantly redeemable liquidity sources for Aave liquidators.

Here are the Arbitrum contracts:

Here are the Base contracts:

The access controls in place are critical because the L2 contracts have significant responsibilities and can mint and burn ezETH on those chains without the necessary ETH/WETH backing. Only the xRenzoDeposit contract can call the mint and burn functions of the corresponding ezETH XERC20 contract. We found all contracts to be deployed behind a TransparentUpgradeableProxy contract. No timelock could be found, but it would have been desirable to allow ezETH holders to exit their positions on the L2 in case of a security breach.

The xRenzoDeposit contract gets the ezETH/ETH internal exchange rate from the Chainlink CCIP oracle. Notably, the privileged updatePriceByOwner function on the xRenzoDeposit contract is critical and can be called by the 3/5 multisig to override the ezETH/ETH internal exchange rate from the CCIP oracle. Through a privilege escalation attack, an attacker could mint ezETH for a fraction of the cost and empty the ETH from ezETH/ETH liquidity pools on L2s. An emergency pausing system on L2 would be more desirable than this privileged way to set the Oracle price.

The $500k Immunefi bug bounty Renzo offers does not explicitly mention that the L2 infrastructure is covered. However, since Renzo’s L2 presence is ultimately based on the Connext technology, it is relevant to note that Connext offers a $100k bug bounty on Immunefi for its bridging contracts.

Market risk

Arbitrum

image
image1508×554 47.9 KB

Source: DefiLlama, October 30th, 2024

We can see that ezETH TVL on Arbitrum peaked at around $425m on May 27th, 2024, before returning to a plateau at around $50m. This coincides with the overall TVL trend for ezETH and can be explained by the negative sentiment from the community on the TGE event, together with the lack of withdrawals, which resulted in a strong downside depeg at the end of April 2024, which led to reduced confidence in the asset.

image
image1088×540 34.8 KB

Source: OKX aggregator, October 30th, 2024

On Arbitrum, the liquidity available within a 7.5% price impact amounts to 740 ezETH or $2.04m. Applying the normal methodology yields a recommended supply cap of 1500 ezETH and a borrow cap of 150 ezETH. We found the following main liquidity venues:

Base

image
image1514×550 40.9 KB

Source DefiLlama, October 30th, 2024

Although relatively small, the ezETH TVL on Base increased significantly over the last month from around $4m to $10m. This coincides with the underlying growth of the Base L2 chain.

image
image1096×530 38.9 KB

Source: OKX aggregator, October 30th, 2024

On Base, the liquidity available within a 7.5% price impact amounts to 575 ezETH or $1.58m. Applying the normal methodology yields a recommended supply cap of 1100 ezETH and a borrow cap of 110 ezETH. We found the following liquidity venues:

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

1 Like