Scores/Ether.fi

Ether.fi

TEMPERED

Liquid Restaking · Ethereum · $5B+ TVL · 10 contracts

Confidence 83%Z-Factor 0.68Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

721

BRI Score

3004756508251000

Security Profile

Access Control
62

Economic Soundness
75

Oracle Integrity
72

Compositional Risk
58

Governance
48

Resilience
78

Cascade Exposure
45

Access Ctrl
62

Economic
75

Oracle
72

Compos.
58

Govern.
48

Resilience
78

Cascade
45

Min

Avg

Max

Audit History

Certora (Formal)

2024-01

Omniscia

2023-12

Code4rena

2024-02

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program →

Assessment

Largest liquid restaking protocol. Clean track record (no exploit, no depeg). But: full EigenLayer compositional exposure, governance centralization, no timelock on upgrades. Fork validation confirmed 8/8 findings as false positives, indicating strong runtime defense not captured by static graph.

Dimension Breakdown

How scores work →

Access Control

Weight 26%80% conf

Moderate

18 permissionless state-mutating functions out of 75 external
roleRegistry.hasRole() provides runtime defense invisible to static analysis
8/8 fork-validated redemption chains are HONEST_NEGATIVE (safeTransferFrom msg.sender pattern)
Lone-sink heuristic false positives inflate raw cell count
deposit() is the only payable function

Compositional Risk

Weight 20%82% conf

Moderate

56 permissionless entries, 19 admin-gated (1_key)
True attack surface is 18 permissionless state-mutating functions
941 total functions inflated by proxy/library internals (OZ Address, ERC1967, StorageSlot)
Key entry points: deposit, withdraw, requestWithdraw, rebase, burnEEthShares
UUPS proxy adds upgrade surface but gated by _authorizeUpgrade

Adversarial Resilience

Weight 20%85% conf

Good

Pause mechanism (pauseContract/unPauseContract) gated by roleRegistry roles
UUPS upgrade protected by _authorizeUpgrade with owner check
Multiple audit rounds: Omniscia, Certora, Zellic
30+ months mainnet without exploit (since Nov 2023)
safeTransferFrom(msg.sender) pattern prevents unauthorized token extraction

Economic Soundness

Weight 13%80% conf

Good

SMDE: 0 anomalies, 0 novel classes, 0 clusters
Game theory: IRRATIONAL equilibrium (no profitable deviation)
Standard DeFi state patterns, no exotic state mutations
DEPRECATED_ prefix on 14 functions indicates clean upgrade history
totalValueInLp/totalValueOutOfLp accounting is straightforward

Oracle Integrity

Weight 13%78% conf

Good

Internal rate oracle: (totalValueInLp + totalValueOutOfLp) / totalShares
amountForShare() and sharesForAmount() are core conversion functions
Chainlink integration for DeFi composition pricing
No external oracle manipulation surface detected in graph
Rate oracle complexity is moderate but has been audited

Governance & Upgradeability

Weight 13%72% conf

Concerning

ETHFI token governance exists but team retains significant operational control
UUPS proxy upgrades without long timelocks
roleRegistry manages LIQUIDITY_POOL_ADMIN_ROLE, VALIDATOR_APPROVER/CREATOR roles
admins/pausers mappings are team-managed
Governance participation is low relative to TVL

Cascade Exposure

Weight 7%75% conf

Concerning

Inherits ALL EigenLayer compositional risk (slashing, restaking, AVS)
weETH widely integrated: Aave, Morpho, Pendle, Compound
Largest liquid restaking by TVL (~$6B+) = maximum cascade exposure
Cross-protocol liquidation cascades are primary systemic risk
Cash product adds stablecoin composition layer

Additional Dimensions

Battle-Tested Maturity

Weight conditional0% conf

-1

Critical

Not assessed — excluded from BRI computation

Supply Chain

Weight conditional0% conf

-1

Critical

Not assessed — excluded from BRI computation

Operational Security

Weight conditional0% conf

-1

Critical

Not assessed — excluded from BRI computation

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Cascade Exposure45

Governance & Upgradeability48

Compositional Risk58

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2023-11-01Z-Factor 0.6807 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "etherfi"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("etherfi")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →