[Direct-to-AIP] Onboard wrsETH to Aave v3 Plasma Instance

Summary

LlamaRisk supports the onboarding of wrsETH to the Plasma instance. wrsETH’s architecture follows the same OFT design seen in rsETH on other L2s onboarded. Onchain supply at the time of writing was approximately 736 rsETH, with liquidity for wrsETH concentrated in 2 Balancer V3 and Curve pools. While market liquidity is rapidly evolving, we note that 695 wrsETH (~$3.2M) could be swapped within a 7.5% price impact.

Moreover, we identified a security concern regarding the BRIDGER_ROLE being assigned to an Externally Owned Account (EOA), which would enable it to bridge funds to itself. In the event this EOA were to be compromised, user funds could be at risk. Following a discussion with the KelpDAO team, they informed us that this function would be deprecated and that the BRIDGER_ROLE would be temporarily assigned to a 3/6 multisig until the upgrade is effected. We are currently in contact with the Kelp team to facilitate this update. Once the EOA is unassigned and the multisig is assigned the role, we will update the community, and will then be able to proceed with the onboarding process on the Plasma instance. This represents a secure interim mechanism until the full upgrade is completed. We will provide a community update as soon as this change is implemented.

1. Asset Fundamental Characteristics

1.1 Asset

wrsETH is the wrapped version of the liquid restaking token rsETH, backed by LSTs such as ETHx, stETH, and native ETH. Extensive analyses of rsETH have been conducted in the past, with previous reports detailing its design and risk considerations, including: Add rsETH to Aave V3 Ethereum, Onboard wrsETH to ZKsync V3 Instance, and rsETH Collateral Risk Assessment.

1.2 Architecture

rsETH is bridged through LayerZero infrastructure and utilizes the Omnichain Fungible Token (OFT) standard. Since OFTs are already present on Aave markets, the bridging mechanism poses little additional architectural risk.

1.3 Tokenomics

wrsETH can be swapped 1:1 with rsETH, as with other deployments. A total of ~736 wrsETH (~$3.3M) is currently available on Plasma, with 7 accounts registered as holders. Effectively, 3 addresses hold 100% of the supply, namely a BalancerV3 vault (~57%), Curve wrsETH/WETH pool (~32%), and an EOA (~11%).

The other 4 addresses registered hold marginal amounts of wrsETH. This low supply is reflective of the recent Plasma mainnet Beta launch.

2. Market Risk

2.1 Liquidity

Approximately 695 wrsETH worth ~$3.2M can be swapped within a 7.5% price impact.


Source: Kyberswap, October 1st, 2025

The two main liquidity venues are the Balancer wrsETH-waPlaWETH pool (~$3.8M TVL) and the Curve wrsETH/WETH pool (~$2.1M TVL).


Source: Trade Routes, Kyberswap, October 1st, 2025

2.2 Volatility

Price history for wrsETH on Plasma is limited, given the network’s recent launch (September 25th).

2.3 Growth

The asset’s growth on the chain is too early to determine, given its recent deployment.

3. Technological Risk

3.1 Smart Contract Risk

Since our collateral risk analysis of rsETH, in addition to the 3 audits we noted from SigmaPrime, Code4rena, and MixBytes, 2 additional audits have been completed by Sigma Prime:

  • June 2024 - 1: 1 high issue, 2 medium issues, 2 low issues, and 4 informational issues were found. The highest rated risk concerned incorrect accounting for stakedButUnverifiedNativeETH. Issues were either resolved or acknowledged (low and informational issues).
  • June 2024 - 2: 2 critical issues, 3 medium issues, 6 low issues, and 12 informational issues were found. Issues were either resolved or acknowledged (closed).

3.2 Bug Bounty Program

LayerZero and Kelp DAO both have bug bounties, with max bounties worth $15.5M and $250K, respectively.

3.3 Price Feed Risk

A Chainlink wrsETH/ETH exchange rate price feed is available. The custom feed has a deviation threshold of 0.05% and a 24-hour heartbeat.

Additionally, a LayerZero cross-chain rate receiver (RSETHRateReceiver) is available, which receives and stores the rsETH/ETH exchange rate updates from the RSETHMultiChainRateProvider contract. The cross-chain risk associated with this is the utilization of LayerZero infrastructure to pass price updates effectively.

4. Counterparty Risk

4.1 Access Control Risk

4.1.1 Contract Modification Options

Deployed Kelp DAO contracts on Plasma:

RSETHPoolV3: the deposit pool for rsETH, deployed behind a TransparentUpgradeableProxy contract.

RSETH_OFT: LayerZero ERC20 contract for rsETH.

rsETHWrapper: deployed behind a TransparentUpgradeableProxy contract.

RSETHRateReceiver: acts as rsETH’s oracle on Plasma.

RSETHPoolV3 has the following roles:

  • DEFAULT_ADMIN_ROLE: can assign roles, unpause the contract, and change parameters, e.g., minting limit, fees. Assigned to Multisig A
  • BRIDGER_ROLE: able to withdraw collected fees and move assets for bridging. Assigned to EOA A
  • OPERATOR_ROLE: can perform rsETH to supported asset swaps. Assigned to EOA A
  • PAUSER_ROLE: Pause contract operations. Assigned to Multisig B
  • TIMELOCK_ROLE: can enable and disable deposits, change the oracle, and change supported assets. Assigned to TimelockController.

RSETH_OFT is owned by Multisig A. The owner has access to functions related to LayerZero’s OFT (e.g., cross-chain functionality, fees, and pause abilities) and OpenZeppelin’s Ownable (e.g., transfer ownership and renounce ownership) privileges.

rsETHWrapper has the following roles:

  • DEFAULT_ADMIN_ROLE: can assign roles and unpause the contract. Assigned to Multisig A.
  • BRIDGER_ROLE: can deposit assets to collateralize wrsETH. Assigned to EOA A.
  • MINTER_ROLE: allows the role holder to mint new wrsETH. Not currently assigned (users can mint wrsETH via asset deposits).
  • TIMELOCK_ROLE: can change supported assets. Not currently assigned
  • MANAGER_ROLE: is defined but does not have assigned functions or accounts.

RSETHRateReceiver is owned by the TimelockController.

The BRIDGER_ROLE grants the EOA direct access to funds that can be bridged to the account itself through the moveAssetsForBridging function; no timelocks or limits are imposed (beyond fees). In the event this EOA becomes compromised, funds could be siphoned out, leaving rsETH undercollateralized. We contacted the Kelp team about this concern and proposed deprecating the function, as was previously done for the wrsETH onboarding to the ZKsync instance.

4.1.2 Timelock Duration and Function

No time locks are implemented directly; however, the TimelockController contract acts as a timelocked admin able to propose operations and execute them after a delay. As noted in section 4.1.1, the TimelockController is assigned the TIMELOCK_ROLE in the deposit pool contract; therefore, changes made by the TimelockController apply a delay to only this role’s functions. Currently, the minimum delay is set to 3 days.

Within the deposit pool contract, the pause function is exposed and accessible by the PAUSER_ROLE.

4.1.3 Multisig Threshold / Signer identity

Multisig A has a 3/6 threshold. Multisig B has a 1/5 threshold. Signers are solely members of the Kelp core team.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.


Aave V3 Specific Parameters

Owing to Plasma’s recent deployment, liquidity is evolving rapidly, and new liquidity pools are being bootstrapped. We have reviewed ACI’s proposed parameters and will provide revised recommendations jointly with @ChaosLabs, which will post them here shortly.

Price Feed Recommendation

We recommend using the internal exchange rate of rsETH together with CAPO, in conjunction with Chainlink ETH/USD price feed, as has been utilized for other rsETH markets.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.
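
An added example, not part of the original post and not Kelp DAO's code: one way to verify the BRIDGER_ROLE reassignment described in section 4.1.1 by replaying role events and flagging sensitive roles held by single-key accounts. It assumes the contracts emit OpenZeppelin AccessControl-style RoleGranted/RoleRevoked events; every address, block number, and account detail below is a constructed placeholder.

```python
from collections import defaultdict

SENSITIVE_ROLES = {"BRIDGER_ROLE"}  # the role the post flags as able to move pool assets

# Placeholder addresses (constructed, not real on-chain accounts).
EOA_A = "0xEOA_A_PLACEHOLDER"
MULTISIG_A = "0xMULTISIG_A_PLACEHOLDER"
TIMELOCK = "0xTIMELOCK_PLACEHOLDER"

# Constructed, already-decoded logs: (block, log_index, event, role, account).
EVENTS = [
    (100, 0, "RoleGranted", "DEFAULT_ADMIN_ROLE", MULTISIG_A),
    (100, 1, "RoleGranted", "BRIDGER_ROLE", EOA_A),
    (100, 2, "RoleGranted", "TIMELOCK_ROLE", TIMELOCK),
    (250, 3, "RoleGranted", "BRIDGER_ROLE", MULTISIG_A),  # interim multisig assigned
    (250, 4, "RoleRevoked", "BRIDGER_ROLE", EOA_A),       # EOA unassigned
]

# Constructed account metadata: bytecode size, and (threshold, owners) for multisigs.
CODE_SIZE = {EOA_A: 0, MULTISIG_A: 171, TIMELOCK: 4200}
MULTISIG = {MULTISIG_A: (3, 6)}


def holders_at(events, block):
    """Replay grant/revoke logs in chain order, up to and including `block`."""
    held = defaultdict(set)
    for blk, _idx, event, role, account in sorted(events):
        if blk > block:
            break
        if event == "RoleGranted":
            held[role].add(account)
        elif event == "RoleRevoked":
            held[role].discard(account)  # tolerate revokes for non-holders
    return held


def audit(held, code_size, multisig, min_threshold=2):
    """Return (role, account, reason) for each risky holder of a sensitive role."""
    findings = []
    for role in sorted(SENSITIVE_ROLES):
        for account in sorted(held.get(role, set())):
            # Unknown accounts default to code size 0 and are treated as EOAs.
            if code_size.get(account, 0) == 0:
                findings.append((role, account, "held by an EOA (single key)"))
            elif account in multisig and multisig[account][0] < min_threshold:
                findings.append((role, account, "multisig threshold below minimum"))
    return findings


if __name__ == "__main__":
    for block in (200, 300):
        print(block, audit(holders_at(EVENTS, block), CODE_SIZE, MULTISIG))
```
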