Managing Exposure to the Eigenlayer Ecosystem from an Institutional Perspective
Cazu
0x565D
May 2nd, 2024

What is Eigenlayer?

Essentially, Eigenlayer represents a market for security. It leverages Ethereum's greatest asset (its vast and diversified validator set) and creates a market for those building on top of it (economic security).

Eigenlayer is constructing an entire ecosystem around re-staking, which will play a crucial role in DeFi in the coming years. By allowing the re-staking of staked ETH, this infrastructure provides new development perspectives for developers while offering better returns for holders of re-staked ETH.

The focus here is on risk management related to exposure to EigenLayer. Many quality articles have already been published on how this platform works. I will therefore cover this topic briefly, providing additional sources to deepen your understanding.

Breaking down the article into :

  1. Overview of Eigenlayer

    1.1 Operation and different roles of the actors

    1.2 Governance

  2. Custody risks, governance, and oracle

  3. Market risks

    3.1 Multi-slashing

    3.2 Node Operators and AVS

    3.3 LRT protocols

    3.4 Concentration and contagion

    3.5 Secondary market and leverage

  4. Risk management

  5. Monitoring

  6. Conclusion

1 - Overview of Eigenlayer

1.1 Operation and different roles of the actors

Before going into details, visualize how Eigenlayer is orchestrated:

Users > LRT Protocols > Node Operators / Validators > AVS (middleware) > Eigenlayer

The pillar of this ecosystem is Eigenlayer, which acts as a support, connecting the actors mentioned above. Eigenlayer fills the fragmented trust gap that a Dapp currently built on Ethereum is easily corruptible because it operates in isolation. By consolidating the costs of corruption within Eigenlayer, the cost of attacking one of the Dapp's components becomes much more expensive.

Let's see this visually:

Before re-staking, the cost to initiate a network meant that you had to overpay validators to participate in your ecosystem. This generally translated into high token emissions to these infrastructure providers due to the overhead of running and managing entirely separate machines to participate :

After re-staking, however, you have a market for these same validators who choose to secure additional services. These validators no longer need to manage separate and external overhead to indicate their willingness to validate elsewhere - they simply opt for additional slashing conditions while maintaining the same validation services they provide for Ethereum :

These Dapps, otherwise known as AVS or middleware, can be data availability layers, new VMs, keeper networks, oracles, or even bridges. Creating a new security network via a new consensus model is lengthy and costly ; acquiring trust, attracting capital through incentives, and developing the necessary infrastructure. Now, AVS have a significant economic and financial interest in building on Eigenlayer to offer a service benefiting from the security of Ethereum.

You are probably already familiar with the Validators, who manage the staking on the Beacon Chain. The Node Operators are those who, in addition to native staking, will re-stake and compose "re-staking strategies" by choosing how the ETH will be allocated among the AVS via the opt-in / opt-out system, based on their skills, interests, and incentives offered by the AVS. The Node Operator then accumulates his responsibilities on the Beacon Chain with those of the AVS, with whom he’s registered.

All ETH_restaked is, just like the ETH_staked, subject to the withdrawal period imposed by the Beacon Chain. By choosing to secure various AVS, the re-stakers also submit to the withdrawal conditions of these. This is where the LRT Protocols come into play. In turn, they compose their strategies relying on the service of the Node Operators and allow having a liquid ETH_restaked on the secondary market. An LRT Protocol may choose to accept native re-staking (ETH) or liquid re-staking (wstETH, ETHx...) which they may or may not re-stake natively themselves.

The Users are those who will provide the ETH to the LRT Protocols and benefit from the liquidity of the asset to compose DeFi strategies.

In summary; Eigenlayer plays a role of absorbing responsibility and architecture for the AVS coming to build on it, offering the possibility to customize their business model. EL will be a free market, of supply and demand where AVS will offer services and incentives to Node Operators who choose whether or not to re-stake their ETH with them; the more an AVS captures ETH, the more they benefit from a decentralized and secure infrastructure.

This greatly resembles the ecosystem of Polkadot parachains, but with more flexibility and more security. It gives more utilities to the ETH token but confers a much greater responsibility as it finds itself at the center of multiple governance decisions and slashing risks.

You can further your research on understanding Eigenlayer through this Cryptoast article or the blog. Feel free to browse the documentation which has a bot facilitating occasional research by keywords.

1.2 Governance

A note on governance because it inevitably represents a risk to the user.

Instead of using a token-based quorum governance model, EigenLayer will use a reputation-based committee composed of reputable individuals such as community members of Ethereum and EigenLayer for governance. The committee is charged with:

  • Activating EigenLayer contract upgrades

  • Reviewing and vetoing slashing events

  • Authorizing new AVS

Regarding voting, Eigenlayer requires reaching two quorums: the ETH one and the X Token of the underlying AVS = dual-token quorum model

Thus, voters can participate either by "re-staking" ETH or by "staking" the AVS token, but the quorum must be reached on both sides for the proposal to be accepted.

$EIGEN adopts a new model called intersubjective work token; a token that needs to be staked to work.

$EIGEN is the non-staked version that can be used in DeFi unlike bEIGEN (i.e., backing EIGEN) which is staked and earns rewards by securing AVS. Why have two tokens? Because bEIGEN will be used to secure intersubjective tasks that cannot be done within Ethereum’s consensus.

For this, the token relies on the Augur model which allows forking the token in case of disagreement with the social consensus. A key element of EIGEN's value proposition is its setup phase, in which it is explicitly designed to adjudicate intersubjective faults and to fork the EIGEN token in order to diminish and penalize malicious actors without its users needing to be aware of the fork.

Simply put, EigenLayer removes the complexity inherent to the forking mechanism so that if you hold EIGEN without staking, you never have to worry about bEIGEN, forking, etc.

2 - Risks of custody, governance, and oracle

Custody

The custody risk touches on what is related to smart-contracts. To date, 3 audits have been made public, 4 others are not. Here is an overview of these audits:

Consensys; 03/2023; Architecture, security measures 1 medium (reentrancy risk) - EL estimates that the tokens implemented are not subject to the risk of reentrancy. It was left as is 6 minor - 4 have been corrected and the others have been taken into consideration by affirming that the information is clearly given to users 5 informatives

Sigma Prime; 05/2023; Compliance, functionality architecture 1 high - resolved (concerning the withdrawal functionality) 1 low - resolved (concerning a problem if a hard fork must be envisaged) 4 informational - 3 resolved

Sigma Prime; 02/2024; Core 1 critical - resolved (verification of withdrawals on the Beacon Chain) 1 high - resolved 3 low - resolved 2 informational

Regarding the non-public audits, all would be less than 3 months old = 01-02/2024). They would be :

  • Debaud (middleware repo)

  • Hexens

  • Sigma Prime (security review)

  • Spearbit

After having conducted a contest audit at Cantina (100k $) which is now completed, two others are ongoing:

  • Immunefi; 2M $

  • Code4rena; 90.5k $ (until 04/05/2024)

As of 04/2024, Eigenlayer is the second largest DEFi protocol with over 15B in TVL.

To date, the Eigenlayer code is not entirely immutable. The contracts contain some "training wheels" that include a community multisig that controls scalability, indicating that the code can be upgraded. Given this governance operation, the contracts are not immutable, so monitoring must be done on updates. However, the CEO would have affirmed that the slashing contracts will be immutable.

It remains a young protocol, but it would be interesting to see more public audits and adopt a sustained auditing rhythm (cf. Lido) once the protocol reaches a stage of maturity.

We have only discussed the custody risks related to the primary protocol that is Eigenlayer here. Obviously, this study will also need to be conducted on the LRT Protocols and the AVS in which your assets are exposed.

Governance

There are two aspects to look at: the influence of the multisig on the contracts and the functioning of the governance itself

EigenLayer uses a governance composed of 3 main multisigs acting as safeguards:

  • The Operations Multisig is a 3 / 6 multisig that can perform upgrades and routine maintenance with a minimum delay of 10 days on all critical security actions via a timelock. It also has the power to suspend the EigenLayer functionality in emergency situations.

  • The Pauser Multisig, which is a 1 / 14 multisig, has the unique power to suspend the EigenLayer functionality in a critical situation but holds no other power.

  • The Community Multisig is a 9 / 13 multisig composed of Ethereum community members such as Tim Beiko (Ethereum Foundation), Ben Rodriguez (Coinbase Cloud), and Swapnil Raj (Nethermind). Under normal conditions, it acts as an observer of Operations Multisig transactions. However, in extraordinary circumstances, it can perform emergency actions, such as executing urgent updates or replacing Operations Multisig in case of private key compromise.

Visually :

Regarding the functioning of the governance itself, this refers to both the governance via the $EIGEN token and the underlying governance of the AVS and LRT Protocols.

Firstly, we have no visibility on the future governance via Eigenlayer's native token so this is purely hypothetical: Involvement in governance will greatly depend on the chosen tokenomic:

  • ve-model / es-model / quadratic voting / delegation or other

  • It will also depend on the possibility to delegate or not

  • The power of action of holders / lockers

  • Governance on-chain / off-chain

  • Quorum / Timelock

Secondly, the governance of the LRT protocols is not really active to date. The same goes for the AVS. When Eigenlayer is fully operational, these governance risks will need to be studied across all the protocols involved in the strategies, and then monitored.

Oracle

Eigenlayer uses Telepathy as an oracle to read Beacon Chain data during withdrawal requests and to read validator balances.

Telepathy is developed by Succinct Labs (which recently raised 55M), to retrieve and collect these data through the use of zk-SNARK proofs.

"It is important to note that it is not possible to access beacon chain data directly from the execution layer, which is why the oracle is used to relay the state root of the beacon chain to the execution layer" This allows the system to access the validator balances by providing the corresponding Merkle proof. With the implementation of EIP-4788, the need for this oracle would be eliminated, as it would allow querying the beacon root directly from the execution layer

Moreover, in cases where the LRT protocol re-stakes the LST, these may be dependent on other oracles.

3 - Market risks

3.1 Multi-slashing

When re-staked assets are allocated to an AVS, there is a possibility that it may no longer be validated if it turns out to be dishonest or if security flaws are discovered.

To mitigate this risk, EigenLayer emphasizes security audits by requiring projects to undergo audits from 2 to 3 reputable audit firms and creates a governance layer that has veto power over slashing decisions.

Therefore, the user is exposed to three times more risk than native staking, which only risks slashing on Ethereum. Through re-staking, one is also exposed to the risks of AVS slashing, and the combined slashing of AVS + Ethereum.

These charts made by Gauntlet show the difference in collateral loss during staking vs. re-staking slashing events. Due to compliance with AVS rules, re-stakers are exposed to a dependency where one slash can cause another, cascadingly reducing the collateral to zero. However, slashing in normal staking occurs at intervals corresponding to the different stages of the process.

3.2 Node Operator and AVS

Before delegating assets to a Node Operator, it is crucial to conduct due diligence on them because a malicious or incompetent operator could lead to the loss of funds. This remains a relatively low-risk source for users since today less than 0.04% of Ethereum validators have been slashed. However, we are in uncharted territory regarding the risks of slashing for AVS.

Given that Eigenlayer is a completely free market, even though AVS must pass validation tests/audits before they can use the protocol, it is quite possible that we may witness exaggerations regarding incentives or conflicts of interest between communities and insiders. Eigenlayer warns against this risk, calling it “an arms race characterized by opaque risk-taking” which could lead protocols to adopt risky measures to not lose market share. Staying on the theme of this yield race, it is possible to see AVS including LST tokens in their collateral. LSTs with low liquidity present a volatility risk against their underlying ETH, and could thus jeopardize the AVS infrastructure itself.

While LSTs have already added an additional layer of complexity in that the user must research the backing of the protocol/token, AVS adds another layer. The user must now choose the AVS, the Node Operator, and the Validator, a task that is supposed to be “done” by LRT protocols.

3.3 LRT Protocols

An LRT protocol may choose to accept ETH through native re-staking or liquid re-staking via existing LSTs. Having an LRT backed by multiple LSTs can be seen as a source of diversification, but it inevitably exposes to the risks of slashing/pegging of the LSTs. If LSTs are accepted by the LRT providers, then the LRT will bear the risks of the underlying LSTs.

Additionally, owning these LRTs allows one to be free from the withdrawal period, making the product more attractive, but the native model on which these derivatives are based is dependent on this withdrawal duration, which could make an LRT less liquid or encourage a depeg if significant withdrawals were to occur. Moreover, many LRTs have not activated the redemption feature to date.

Recently, it has become possible to use LRTs as collateral, thus amplifying yield exposure while being less exposed to the volatility of the derived asset. However, the LTVs offered are often very aggressive, and a slight depeg could lead to a cascade of liquidations and thus a drop in the price of the LRT, as was recently the case for Renzo.

It is crucial to evaluate how these protocols plan to extend the liquidity of the LST, while simultaneously diversifying their node operator sets and increasing their scaling capacities.

Although LRTs introduce new risks, particularly related to the market itself, they mitigate the risk that the end user might face in the event of slashing if diversity is good; losses would be minimal on a global scale or even offset by insurance systems.

Cobo provides further details on points of caution to consider when deploying substantial capital into re-staking:

  • Participating directly via native ETH re-staking: the security offered by the Beacon Chain is superior to that of Eigenlayer contracts.

  • To avoid the imposed delays, it is generally better to turn to stETH than other LSDs.

  • Regarding LRT protocols, liquidity and withdrawal conditions must be carefully considered.

Of course, given the multitude of LRT/LST already live on the market, there will be a strong risk of depegging of the ETH-variant which will depend solely on the protocol to maintain on-chain liquidity and an attractive incentive mechanism to encourage users to act in favor of the peg. This represents a significant risk for the user, but a very low risk for the Eigenlayer structure itself.

3.4 Concentration and contagion

If more than 33% of ETH is staked in a single AVS or even an LRT, this could lead to a concentration risk and have repercussions on the consensus of Ethereum itself. While LRTs will be permissioned initially, Distributed Validation Technology (DVT) and Trusted Execution Environments (TEE) can be used to further enhance the reliability and security of a validator set. DVT increases the diversity of the validator set while TEEs act essentially as anti-slashing software by protecting the validators using them from violating slashing conditions.

Regarding contagion risks ;LRT protocols heavily rely on the credibility and efficiency of Node Operators and thus the standardized Validators. Therefore, a domino effect can be detrimental on several levels:

  • The Validator fails, resulting in slashing at the Ethereum protocol level > Node Operator, LRT Protocols, and Users impacted

  • The AVS fails > Node Operator, LRT Protocols, and Users impacted

  • The Node Operator fails, resulting in slashing at the Ethereum protocol level and/or the AVS involved > LRT Protocols and Users impacted

  • The LRT Protocol does not maintain the peg > Users impacted

It should be noted that only 0.04% of validators have been slashed since the creation of the Beacon Chain.

The question then arises: can we consider this negligible and focus on the slashing risks that may come from AVS? If you believe not, it will be important to have good diversity in the choice of Validators at the level of Node Operators to limit the risk of contagion and mitigate losses.

On these principles, we see that end users, by purchasing LSTs, agree to be exposed to numerous risks, some of which can be managed by monitoring the activity of Validators/Operators, but others will be less so and will require responsiveness to risks related to the market itself.

Users must be aware of the importance of diversifying exposure to LRTs while understanding that this alone is not enough to adequately mitigate risks; emphasis should be placed on the choice of LRT protocols with a diverse range of reputable and geographically distributed Node Operators, each managing sets of validators with varying configurations. There should be a good diversity among Node Operators, currently more than 6500 Operators are in testnet, a growth of +900% since January 1, 2024

3.5 Secondary Markets and leverage

We also note a kind of systemic risk related to yield. As soon as the product is launched in the DeFi market, Gauntlet's study highlights a correlation between the decline in Pendle's yield relative to weETH, and its selling pressure on DEXs. DeFi products that allow leveraged exposure, particularly Pendle which leads this market, will be a catalyst to watch for the resilience of the LRT peg; could significant selling pressure from the YT lead to a depeg ? No clear conclusion has been formulated, however, these markets will inevitably impact the health of the LRT because they show the interest users have in the token.

Recently, Morpho, Fluid, and Gearbox have offered an attractive product for those wanting to amplify their Points farming. The beauty of this market is that it is bidirectional; while the "degens" agree to borrow at high rates in order to offset costs via airdrops, passive investors have the opportunity to lend their ETH at rates that can exceed 50% APR.

Recent events underscore the importance of studying the mechanisms on which these LRTs are based. We are already witnessing a race towards capital efficiency, which is primarily characterized by aggressive LTV ratios. Two questions must systematically be asked:

  • How are liquidations managed?

  • How is the LRT peg maintained?

In this case, Fluid innovates in its concept by using the liquidity of existing DEXs to partially liquidate, and Ether.Fi manages to maintain its peg thanks to the redemption system already in place.

4 - Risk management

Risk Management Concerning Slashing:

To mitigate this risk, it's necessary to reduce dependencies between different slashing rules :

  • On one hand, by optimizing parameters related to re-staking risk: TVL cap, slashing quantity, minimum TVL, fee distribution, insurance/reserve parameter.

  • On the other hand, by diversifying AVS (via LRTs).

The founder of Eigenlayer stated that some AVS would implement a slashing system only later (6 months post-launch on Eigenlayer).

As a user or depositor via a validator, it is highly recommended to carefully study the risks the validator takes in securing a particular AVS. This task becomes even more complex if funds are placed on liquid re-staking protocols, which diversify among multiple validators who themselves diversify among various AVS. Additionally, some LRT protocols make "commitments"; they pledge to lock a percentage of their TVL with specific AVS.

A massive slashing should not impact Ethereum itself, meaning that re-stakers must fully assume responsibility. Conversely, if a problem occurs on Ethereum, the AVS of Eigenlayer will inevitably be affected.

Risk Management Concerning Node Operators:

When assessing the slashing risk of an EigenLayer Operator, the following considerations must be taken into account:

  • Who are the operators of the underlying EigenPods?

  • Has the operator implemented an appropriate risk mitigation strategy to avoid layoffs and downtime?

  • Does the operator’s development team have enough bandwidth to handle unforeseen circumstances related to the number and complexity of the AVS to be secured?

  • Does the operator have off-chain insurance to compensate for potential slashing events?

  • What is the structure of the operator’s fees?

Risk Management Concerning AVS:

Of course, the slashing risk related to re-staking will be low initially because Eigenlayer has a veto right and preselects the AVS. However, in a future world with an infinity of AVS when the protocols are mature, this exercise demands a lot of energy, and protocols like Anzen could become a benchmark for AVS ratings, or Cubist with its anti-slashing software.

Thus, there can be conservative LRTs with low yield and higher-yielding, riskier LRTs; similar to how bond credit ratings exist.

Recently, Gauntlet announced a partnership with Ether.Fi concerning the selection of AVS. We will see more and more such partnerships, which is a good thing for the industry and its users.

Risk Management Concerning LRT Protocols:

Here are the points of caution and behavior to adopt concerning LRTs:

  • Is the LRT composed of natively re-staked ETH or re-staked LST?

  • In the case of re-staked LST, who are the node operators for these LSTs?

  • What percentage of the total deposits does each type of collateral represent?

  • Is the LST overly exposed on Money Markets/CDPs with high-risk settings?

  • How does the LST manage its peg?

  • What is the redemption process?

  • Is there sufficient incentive for users to maintain strong liquidity, or is the protocol backed by professional MM?

  • How are the multi-sig authorizations of the administrators structured? What authorizations are involved in the transfer of assets and the suspension of withdrawals?

  • If the LRT plans to deploy cross-chain, how is the bridge implemented? Canonical or non-canonical?

  • Currently, all LRT protocols have the capability to pause and upgrade contracts; it is recommended to monitor the evolution of contracts and sensitive operations executed by the project team.

5 - Monitoring

The ecosystem is expanding and now comprises:

  • 10 AVS with EigenDA leading the market (2,524,521 ETH)

  • 56 Operators with P2P leading the market (325,248 ETH)

Here are some ways to follow the progress of this ecosystem:

  • Directly on the Eigenlayer website; all AVS, Rollup, and Operator are listed. You have shortcuts to the official sites.

  • On Eigenbeat, created by Onur Sucu who keeps you informed on Twitter about new AVS/Operator partnerships.

  • Similarly to Eigenbeat, Restaking Club provides data on AVS and Operators.

  • Cookies updates his Google Docs and Sheets on LRT protocols.

  • Henrystats provides good Dune dashboards that allow you to monitor the on-chain robustness of LRTs, concerning the tokens, the protocols, and a focus on Renzo/EtherFi.

  • MaybeYonas also offers highly detailed dashboards in terms of metrics, we advise you to bookmark your favorite LRTs and monitor their on-chain health.

6 - Conclusion

EigenLayer represents a substantial infrastructure that extends the capabilities of the Ethereum network and energizes the yield staking market. This promising ecosystem is still in its early stages and is emerging as fertile ground for innovation in the field of decentralized finance (DeFi), offering new possibilities to users.

One of the main features of EigenLayer, through the Ethereum network, is its approach focused on user responsibility to maintain the protocol's integrity. This shared responsibility raises complex risk assessment questions for those wishing to engage in this ecosystem. Due diligence and continuous monitoring are essential to assess and mitigate potential risks.

Indeed, some investors may choose to minimize these tasks by underestimating the risks associated with native slashing, or by relying on trusted partners like Gauntlet x EtherFi for risk analysis. However, it is crucial to remain vigilant about the on-chain resilience of staking tokens, their potential impact on leveraged markets, as well as their governance and redemption mechanisms.

At Redacted Labs, we have been closely following these developments for several months, using and developing appropriate tools to identify opportunities while being aware of the risks inherent in this constantly evolving ecosystem.

Disclaimer:

This article is provided for informational purposes only and does not constitute legal, commercial, or investment advice. Do not base your investment decisions on this article and do not consider it as an accounting, legal, or tax guide. Mention of specific assets or securities is for illustrative purposes only and not an endorsement. The author's opinions may not reflect those of their affiliations and are subject to change without notice.

About Redacted Labs:

Redacted Labs is a DeFi desk offering customized services to professionals looking to profit from decentralized finance with institutional risk management.

Our goal at Redacted Labs is to provide our clients with the decentralized finance experience while controlling risks, offering a fund management service tailored to their needs. We firmly believe that decentralized finance is the future, and our expertise and experience enable us to meet the growing needs of businesses looking to invest in this area.

Subscribe to Cazu
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
nNIrDnsELp0xCro…vjRkxI4R5ZfsGsw
Author Address
0x565D380416a2889…3f6DeeF029212Aa
Content Digest
4fgofhrGHRCYoiY…U-x7CAMANPWoezg