Summary
LlamaRisk supports listing weETH on Aave V3 Scroll and parameters recommended by @ChaosLabs. Our initial assessment for collateral onboarding highlighted a few concerns with weETH, including absence of a DAO and centralization governance risk due to a low threshold multisig without a timelock, reliance on EigenLayer airdrop speculation for growth, potential validator risks (especially with non-KYC’d operators), and counterparty risk for node operators relying on legal agreements.
Since then, EtherFi has shown remarkable growth, reaching an ATH TVL of ~$6.8 billion while addressing some of our initial concerns. For L2 onboarding, EtherFi uses LayerZero’s OFT native minting technology, which we’ll examine. In this brief, we provide an update on weETH, which supports our recommendation to onboard on Scroll.
Cross-chain bridging using LayerZero OFT
EtherFi employs LayerZero’s OFT (Omnichain Fungible Token) to bridge weETH to Layer 2 networks like Scroll. This system uses native minting, where new weETH tokens are minted directly on Scroll when bridged. To maintain a consistent total supply, tokens are burned on Ethereum and minted on Scroll during transfers. The process relies on LayerZero’s cross-chain messaging protocol for infrastructure. Users can bridge weETH directly without interacting with intermediate wrapped tokens.
Source: LayerZero
As of July 23, 2024, LayerZero v2 OFTs have a total value locked of over $700 million. L2BEAT provides a good summary of trust assumptions and risk factors, as the security parameters of each Omnichain Fungible Token (OFT) can be changed by their developers. In weETH case, the escrow contract is owned by a 2/5 multisig and the weETH OFT implementation on Scroll is owned by a 3/6 multisig. Other risk factors include potential theft through malicious OFT (Adapter) contract upgrades by the OApp owner, fraudulent transfers due to Executor-Verifier collusion, the critical risk from malicious security stack changes, and fund compromise if the LayerZero Multisig alters the default stack when no custom stack is set.
Token distribution and Liquidity
Source: Etherscan, July 23rd, 2024
A large portion of weETH is held by Mitosis via miweETH, a protocol that aims to improve efficiency for asset management across multiple chains and DeFi protocols. Our review indicates that the cross-chain LP functionality still needs to be activated, with the Mitosis vault attracting deposits through its incentive (points) program.
Other notable holders include an unknown EOA, Pencils Wrapped eETH (pweETH) from the Pencils Protocol (an auction platform and yield aggregator), and Rho weETH (rweETH) from the Rho Protocol (a DeFi derivatives market). LayerBank, an unsanctioned Aave V3 fork, also has a small ($600k) amount of weETH deposited.
On the DEX side, a majority of the Liquidity is held within Ambient’s weETH/ETH pool and Nuri’s weETH/ETH pool.
Source: Ambient weETH/ETH pool, July 23rd, 2024
Source: Nuri weETH/ETH pool, July 23rd, 2024
The current Liquidity on Nuri supports swaps of up to approximately 1,000 weETH to ETH, resulting in 8.1% slippage.
Source: Nuri, July 23rd, 2024
Update on Market Risks
The total TVL (weETH + eETH) saw a small reduction from $6.5b to $5.6b following the second ETHFI airdrop. However, it grew to nearly $7 billion as of July 23, 2024.
Source: DefiLlama, July 23rd, 2024
EtherFi remains the leading LRT protocol in TVL and has managed to sustain its growth despite the first EIGEN token airdrop and the first and second waves of the ETHFI airdrop to EtherFi point holders. This helps to alleviate our fear that EtherFi’s growth was inorganic and made of mostly temporary airdrop farmers, which could have increased the volatility of its Liquidity.
Update on Access Control
Our audit of EtherFi’s smart contracts confirm the implementation of a three-day timelock contract. EtherFi uses multiple multisigs:
- Multisig A (4/7): Manages most contracts, including the timelock’s executor, canceller, and proposer roles
- Multisig B (2/6): legacy multisig wallet
- Multisig C (2/5): LoyaltyPointsMarketSafe only
- Multisig D (4/6): Liquid Vault only
- Multisig E (3/6): ETHFI distributor
| Contract | Owner |
|---|---|
Address Provider |
Multisig A, via timelock |
Early Adopter Pool |
Multisig B |
Auction Manager |
Multisig A, via timelock |
Staking Manager |
Multisig A, via timelock |
Etherfi Nodes Manager |
Multisig A, via timelock |
BNFT |
Multisig A, via timelock |
TNFT |
Multisig A, via timelock |
eETH |
Multisig A, via timelock |
WeETH |
Multisig A, via timelock |
WithdrawRequestNFT |
Multisig A, via timelock |
Liquidity Pool |
Multisig A, via timelock |
Membership Manager |
Multisig A, via timelock |
Membership NFT |
Multisig A, via timelock |
Node Operator Manager |
Multisig A, via timelock |
ETHFI |
Gov contract, not owned or upgradeable |
Treasury |
Multisig A, via timelock |
LoyaltyPointsMarketSafe |
Multisig C |
Liquifier |
Multisig A, via timelock |
EtherFiOracle |
Multisig A, via timelock |
EtherFiAdmin |
Multisig A, via timelock |
EtherFiTimelock |
Multisig A, via timelock |
Liquid Vault |
Multisig D |
Update on Governance and Reward System
Etherfi launched the ETHFI token in March 2024. A 3/6 multisig received 100% of the ETHFI supply and began distributing funds to various wallets according to the documented allocation schedule.
The next governance development phase, “Phase 1 - Full governance deployment,” is planned for the coming months. This phase will expand voter involvement in Etherfi’s governance by deploying a governor and granting access to Etherfi’s protocol and treasury.
Holders can vote on DAO proposals via Snapshot or delegate their votes. A multisig committee implements changes, handles emergency actions, and ensures proposals align with Foundation objectives, with veto power. Anyone can propose, but a quorum of 1m ETHFI is required. Approved proposals are executed off-chain by the multisig committee. The system remains centralized until on-chain, trustless proposal deployment is introduced.
ETHFI staking is available through the Etherfi dApp. It accumulates loyalty points (6.5 points daily per staked ETHFI as of July 2024). The ETHFI vault automatically re-stakes on Karak for additional rewards. Staking is not required to vote on governance proposals; staked ETHFI can still be used to vote.
Additional resources on governance:
- Governance documentation: etherfi.gitbook.io/gov
- Governance forum: governance.ether.fi
- Governance delegatees: vote.ether.fi/delegates
- ETHFI dashboard: dune.com/ether_fi/ethfi-token
Update on Dependencies
EtherFi relies on two primary external components: EigenLayer for restaking functionality and Obol Network for Distributed Validator Technology (DVT). While these integrations are crucial for EtherFi’s operations, they also represent potential risk points in the system.
EigenLayer serves as a protocol dependency, providing the restaking infrastructure. In contrast, Obol DVT is an off-chain middleware for validators, provided “as is” and managed by node operators.
The protocol maintains two categories of node operators: Permissioned Professional Node Operators subject to Know Your Customer (KYC) procedures and Permissioned 2 ETH Bonded Node Operators exempt from KYC requirements. This dual structure allows for a balance between professional oversight and broader participation.
Notably, Professional Node Operators rely on legal agreements rather than collateral. While this approach may streamline operations, it introduces potential counterparty risk, as the protocol’s security partially depends on the enforceability of these agreements.