Assessment reportsPublic findings
Back to Zellic site
Assessment reports>ether.fi>Discussion>Counterparty and exchange-rate risk
GeneralOverview
Findings
High (3)
Medium (2)
Low (2)
Informational (2)
DiscussionCounterparty and exchange-rate riskPermit can allow for gasless depositsPR #1568 review
Threat ModelWhat are threat models?Liquifier.sol
Audit ResultsSummary

Counterparty and exchange-rate risk

By offering to unconditionally advance to the user eETH in return for whitelisted tokens or whitelisted queued strategies, the Liquifier upgrade takes on a considerable amount of risk by making more value available to attackers who exploit the whitelisted protocols. This is because, for example, if an exploit is discovered in EigenLayer that allowed the queuing of unauthorized withdrawals, in addition to EigenLayer losing funds, the attacker also has the ability to deposit the funds to the Liquifier, minting them eETH.

This risk is limited by the deposit limit, which limits the rate at which the contract can mint eETH. In theory, during one period of the deposit cap, an exploit in the whitelisted contracts can be identified and the contract can be paused for safety pending a fix. The admins in charge of pausing the contract must actively monitor the whitelisted contracts for unexpected upgrades and exploits in order to pause it before the value of eETH drops too much.

Additionally, even disregarding future contract upgrades, the current M1 version of EigenLayer allows queued withdrawals to be slashed. Although EigenLayer does not expect to slash withdrawals, the risk still exists that the contract may do that, and if it does it, then the advanced eETH will similarly not be backed by real value.

Zellic © 2025Back to top ↑