Llama Risk Team is uneasy about ezETH

Source : https://www.youtube.com/watch?v=Ud7VsI-n5lU

Introduction

Llama Risk (aka Prisma Risk) is a risk assessment team. They provide reports to help users and communities understand risks before exposing themselves to them.

They strive to be as neutral as possible to avoid hindering progress and innovation in the DeFi space.

In Llama Risk's assessment, ezETH (a liquid restaking token provided by Renzo) received an unfavorable risk score for suitability as a collateral asset:

Collateral Risk Assessment - Renzo Restaked ETH (ezETH) - HackMD
Website: renzoprotocol.com

Concerns were raised regarding market risks (volatility and liquidity), smart contract security practices, and centralization in the overall protocol, and it seems that the Renzo team doesn't want to talk about them.

What is ezETH? (20:00)

ezETH is a Liquid Restaking Token (LRT) launched in September 2023 by Renzo.

Users can deposit native ETH, wETH, or stETH to mint ezETH. Minting ezETH lets users earn additional yield, as Renzo also validates Attestation Verifier Sets (AVSs) with a node operator set.

ezETH has a concentrated set of node operators (5 at the time), and they charge a 10% performance fee on the yield.

Renzo has a roadmap to broaden the node operator set, but it's unclear if they plan to include community node operators.

ezETH is available on mainnet and Layer 2s like Arbitrum and Linea.

ezETH Risk Assessments

Llama Risk groups the risks into four main categories:

  1. Technical Risks
  2. Market Risks
  3. Counterparty Risk
  4. Legal Risks

Technical risks (25:50)

ezETH has undergone only one audit, which did not include the cross-chain components. A bug bounty program exists, but the cross-chain system is not in scope.

None of the development history is visible. There is no public versioning, and there are no public tests or deployment scripts.

Renzo uses the Chainlink CCIP protocol for cross-chain price updates but includes an admin function to manually update prices, posing a centralization risk.

The WETH price is fetched from a Binance-operated oracle, which is completely centralized. If the Binance operator pumps the WETH price, ezETH would be inflated, so all ezETH holders would be affected.
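
The dilution effect described above, worked through as an added example (not code from Llama Risk or Renzo). It assumes a simplified share-based mint model in which new ezETH is issued in proportion to the reported value of the deposit; the function names, the numbers and the 1% deviation bound are constructed for illustration.

```python
from fractions import Fraction
from statistics import median


def mint_amount(supply, tvl_eth, deposit_tokens, reported_price):
    """Shares minted for a deposit valued at the oracle-reported price (in ETH)."""
    deposit_value = Fraction(deposit_tokens) * Fraction(reported_price)
    return Fraction(supply) * deposit_value / Fraction(tvl_eth)


def holder_loss(supply, tvl_eth, deposit_tokens, reported_price, true_price):
    """Fraction of backing per token that existing holders lose when the
    deposit is minted at reported_price but is really worth true_price."""
    minted = mint_amount(supply, tvl_eth, deposit_tokens, reported_price)
    real_tvl = Fraction(tvl_eth) + Fraction(deposit_tokens) * Fraction(true_price)
    before = Fraction(tvl_eth) / Fraction(supply)
    after = real_tvl / (Fraction(supply) + minted)
    return 1 - after / before


def guarded_price(primary, references, max_dev=Fraction(1, 100)):
    """Mitigation sketch: accept the primary feed only if it stays within
    max_dev of the median of independent reference feeds."""
    ref = median(Fraction(r) for r in references)
    if abs(Fraction(primary) - ref) > max_dev * ref:
        raise ValueError("primary oracle deviates from reference median")
    return Fraction(primary)


if __name__ == "__main__":
    # Constructed scenario: 1000 tokens backed by 1000 ETH, 100 WETH deposited.
    honest = holder_loss(1000, 1000, 100, reported_price=1, true_price=1)
    pumped = holder_loss(1000, 1000, 100, reported_price=2, true_price=1)
    print("loss with honest price:", honest)
    print("loss with 2x reported price:", pumped)
    refs = [1, Fraction(101, 100), Fraction(99, 100)]  # constructed reference feeds
    try:
        guarded_price(2, refs)
    except ValueError as err:
        print("mint rejected:", err)
```
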

Market Risks (39:15)

80% of ezETH is in DeFi apps, mostly Pendle and Balancer, plus several lending protocols. Only 4% was in DEXs. High concentration in DeFi apps increases the risk of price manipulation by large holders.

Withdrawals are not enabled, which is problematic because arbitrageurs can't fix the price. This contributed to the ezETH depeg in April.

When the token generation event was announced, a lot of that token supply was forced to flow to secondary market exchanges because withdrawals are not enabled, causing a depeg.

Even today, ezETH is not fully repegged yet.

Counterparty Risks (48:50)

ezETH is governed by a 3/5 multisig with no time lock, raising significant security concerns.

Signers are unknown. We can see the on-chain addresses, but Llama Risk didn't get any response from Renzo about the people behind those addresses.

According to Wormhole, a multisig controlling such a high value would normally have some kind of time lock, but he couldn't find any time lock mechanism.

Renzo has 5 node operators, and those node operators are not required to hold any form of collateral. The reliance on off-chain agreements with node operators increases the risk of centralization and potential misbehavior.

Renzo's user interface is maintained by a legal entity. Llama Risk assumes it is established in the British Virgin Islands (BVI).

The terms of service are subject to BVI law, but they state that any disputes shall be resolved by the Cayman Islands Arbitration Authority under the Cayman Islands Arbitration law.

This dual jurisdiction approach (BVI for operations and Cayman Islands for dispute resolution) creates potential complications for users seeking resolution.

There is a lack of transparency in the points program. There is no clear definition of what these points are and how they shall be transitioned to the expected governance token.

In addition, the points program is not incorporated in the terms of service, which would make it difficult for users to present a valid claim for an unfair allocation.

Llama Risk's conclusions

Liquidity concerns (1:07:45)

There is a high amount of speculative activity around LRTs and most ezETH is not liquid, so the price manipulation risk is real and ezETH's depeg is a warning about it.

Ever since the depeg event of April 23, ezETH has not fully recovered.

Smart contracts security (1:11:30)

Llama Risk felt that audits are not sufficient. There is only one audit and some components are not audited yet.

The public versioning of the GitHub repositories doesn't show as much transparency as Llama Risk feels is required for a decentralized protocol.

On the plus side, there is a bug bounty program with Immunefi with a maximum bounty size of $250k. That said, a larger bug bounty program would be merited given the size and the rapid growth of this protocol.

Dependencies (1:12:30)

  • All LRTs rely on Eigenlayer
  • The Binance-operated oracle could create scenarios where ezETH could be fraudulently minted
  • The protocol is governed by a 3/5 multisig with unknown signers and no time lock

Recommendations (1:21:00)

Given the identified risks, ezETH's inclusion as collateral poses significant threats to protocol stability, and it would not be a suitable collateral type for conservative DeFi protocols.

It would be a suitable collateral type for isolated lending markets, where the risk is limited to participants who choose to engage in those specific markets.

The importance of dialogue

Llama Risk is open to corrections (1:22:30)

Llama Risk is not here to work against DeFi protocols. They just want a secure, transparent environment, and they celebrate protocols when they make improvements to their security.

Occasionally Llama Risk can provide wrong or outdated information, so they ask the community to reach out if corrections need to be made in their reports.

Poor communication from Renzo (1:27:30)

DAdvisoor had a bad experience talking with the Renzo team:

  • He notified the Renzo team that the live stream was about their protocol, but they said it was a waste of time
  • The Renzo team claimed that Llama Risk's report on ezETH has inaccuracies, but they haven't revealed what the inaccuracies are
  • DAdvisoor asked again on Telegram what was inaccurate, but the team deleted the chat

Nicholas, a viewer, had the same problems: "As an ezETH bag holder, I have been banned from their Telegram and Discord for asking too many questions"

Their communication seems emotional and childish. The public has the right to research and engage, and the community should be able to evaluate the criticisms and decide for themselves.

Upcoming discussion about Ethena

In the backrooms, Llama Risk was talking with Leviathan News about getting together to talk about Ethena's stablecoin (USDe).

USDe is the first stablecoin to reach $2 billion TVL in the shortest amount of time. That said, this is a pretty controversial stablecoin.

The first controversial point is the naming. The founder of Ethena explained that USDe is not actually a stablecoin. The problem is that when a token has USD in its name, people can be expected to think it's a stablecoin. This would raise legal concerns.

The second one is USDe's mechanism. According to Wormhole, the mechanism for maintaining its stability has perhaps weaker assurances of stability than common standards.

To be continued...