Abstract
1. EigenLayer's core technology, Restaking, allows decentralized services (AVSs) to reuse Ethereum's staking pool and strengthen their trust mechanism. Once an ETH validator's withdrawal credentials are redirected to the EigenLayer contract, an AVS can define a reward and punishment mechanism to attract validators at low cost, which improves validators' capital utilization and enhances overall network security.
2. EigenLayer introduces new micro and macro security challenges in the "consensus selling market". The market's participants, namely ETH validators (Operators), service projects (AVSs) that require decentralized PoS trust, and the EigenLayer platform itself, form the interactive structure of the ecosystem. Each of these parts may face security threats that affect the stability of the entire ecosystem. Under the Restaking mechanism, malicious Operators may attack multiple services at a lower cost; a malicious AVS may use superficial publicity and seemingly credible returns to attract uninformed Operators into its service system, causing them to suffer slashing and irreversible losses; and the rapidly developing ecosystem places higher requirements on the security of the EigenLayer protocol.
3. Professional audits and reliable dynamic protection measures are the cornerstones of ensuring the security of the platform and users. In addition to innovation, the EigenLayer ecosystem also needs a strong security framework that can cope with new challenges. BlockSec continues to build in the field of blockchain security, providing projects with professional code audits and dynamic security protection after launch to support the continued growth of this ecosystem.
Introduction
The Ethereum-based protocol EigenLayer innovatively proposes a re-staking function, allowing participants to further use their staked ETH to support other protocols while maintaining their original stakes and returns, thereby maximizing the potential value of capital.
From $1 billion at the beginning of 2024 to $15.3 billion now, EigenLayer's TVL is second only to Lido in the entire DeFi ecosystem. The explosive growth not only demonstrates the strong interest of the market, but also verifies the practicality and influence of its technology. With this growth, projects based on the EigenLayer ecosystem such as Puffer Finance and Renzo have also quickly gained the favor of capital and users. The re-staking track with EigenLayer as the core is undoubtedly one of the most watched narratives in the DeFi ecosystem this year.
As a company focusing on blockchain security, we will analyze and discuss from a macro to micro security perspective what new security challenges and tests EigenLayer's operating mechanism brings while innovating the DeFi ecosystem.
Top-level design and macro security
Restaking is essentially a basic means of solving specific problems by reusing the trust provided by the Ethereum Proof of Stake (PoS) staking pool. As the originator of Restaking, EigenLayer offers an emerging market in which the trust of Ethereum's staked funds can be sold freely in both directions; in other words, it provides a consensus sale market. EigenLayer claims that the current Ethereum ecosystem suffers from the macro security problem of trust split, and that EigenLayer can solve this problem well. Next, we start from the design and motivation of EigenLayer to understand what trust split is and how EigenLayer addresses it.
1. Who is the service object of the consensus sale market? Who are the two parties involved in the two-way freedom?
EigenLayer sells the trust provided by Ethereum's staking pool, so the sellers of consensus are Ethereum's validators. The buyers are the Actively Validated Services (AVSs), which can be understood simply as any service that needs to build a distributed trust network. AVSs are the buyers, and what they want to buy is distributed trust.
2. Why does this emerging market segment need to exist? What problem does it solve?
Ethereum only allows innovation at the contract level. Developers have "deeper" innovation needs, such as modifying the program's execution environment (in Ethereum, the Ethereum Virtual Machine, EVM) or, going further, modifying the consensus protocol.
Figure 1: Ethereum Trust Flow, Source: EigenLayer Forum
The founder of EigenLayer regards these developers' desire for underlying innovation as an unmet market demand and a problem of limited innovation, and attempts to solve this problem of limited innovation by providing a free trading market for reusing Ethereum trust, meeting developers' innovation needs and reducing innovation costs.
EigenLayer also addresses the macro security problem caused by Ethereum's limited innovation, namely the trust split problem. In Ethereum's PoS mechanism, network security depends on sufficient staked funds and a sufficient number of validating nodes. New projects that try to build their own trust networks often need to stake their own tokens, which diverts staked funds away from the Ethereum mainnet and affects its security. For example, if the Ethereum mainnet has 10B staked funds, and the total staked funds dispersed to three sub-services are 3B, the actual increase in staked funds does not directly enhance the security of the mainnet. In addition, trust splits may also increase the security risks of DApps, because attackers may target the sub-services with fewer funds and exploit weaknesses in the system to cause wider security issues.
Figure 2: Pooled security of EigenLayer, Source: EigenLayer Whitepaper
In summary, the current Ethereum ecosystem suffers from both the problem of limited innovation and the trust split problem that limited innovation causes. EigenLayer was created to solve these two problems.
3. How does EigenLayer solve these problems?
Figure 3: Comparing the ecosystem of actively validated services today and with EigenLayer, Source: EigenLayer Whitepaper
Existing AVSs cannot access the Ethereum staking pool, let alone slash it. Restaking opens a channel, in the form of an interface, through which AVSs can access the Ethereum staking pool, and this channel is EigenLayer. In EigenLayer's abstraction layer, services exist as smart contracts, and the underlying Ethereum layer ensures the reliability of the platform. Through this platform, an AVS can define its verification requirements and its reward and punishment mechanisms, and attract ETH validators to participate at a lower cost, improving the security and efficiency of the entire network. This includes deploying dedicated Slashing and Payment Contracts, so that validators can choose which services to participate in and earn returns from.
4. Does EigenLayer solve these problems well? Are there any costs associated with solving these two problems?
First, regarding the issue of limited innovation: by reusing the trust provided by the Ethereum staking pool, AVSs can indirectly absorb the trust of Ethereum, which effectively reduces the startup cost of such services and provides a prerequisite for the prosperity of the blockchain ecosystem.
Then there is the more critical issue of Ethereum's trust split. On the one hand, restaking through EigenLayer to support AVSs is a more profitable option for investors, which largely encourages staked funds that were diverted to decentralized services to return to Ethereum's staking pool. On the other hand, the cost for validators to participate in verification becomes lower. An AVS can itself attract more restaked assets at a lower cost, and more restaked funds strengthen the weakest link targeted in the attack scenario mentioned above, improving overall security.
From the perspective of design and motivation, many projects, such as Cosmos and OP Stack, have made relatively mature attempts at innovation. These projects allow emerging projects to launch a new public chain at a relatively low cost, but none of them solves the macro security problem of trust split. EigenLayer's solution to the trust split problem, together with the lower threshold for AVSs and the higher returns (with risks) for ETH Validators, is both attractive and unique.
Security of the Emerging Ecosystem
EigenLayer's trust-selling market can be divided into three entities:
Operator, which is generally considered to be the ETH Validator, the trusted seller;
AVS, which is a service project that requires decentralized PoS trust, the buyer;
The EigenLayer platform that supports Operator and AVS, that is, the market itself.
These three entities constitute the EigenLayer ecosystem, each of which may face security threats, affecting the stability of the entire ecosystem.
1. Reduced crime costs for malicious Operators
In the EigenLayer ecosystem, an ETH Validator only needs to commit a single stake to earn multiple returns. This greatly improves the utilization rate of staked funds and lowers the threshold for Operators to join an AVS's trust network. Correspondingly, Operators also have to perform the verification tasks specified by the AVSs they select and bear additional risks. The increased utilization rate of funds also significantly reduces the cost of malicious behavior for malicious Operators.
This risk is mentioned in the white paper, which also offers a potential solution: a dashboard that anyone can access. An AVS concerned about a high utilization rate of malicious funds can use the Dashboard to check whether an Operator providing it with Restaking deposits is restaked in multiple services, how many times its stake has been restaked, and so on. The white paper emphasizes that this is a two-way free market: whether to ignore this utilization rate, or to refuse Operators that restake multiple times, obviously affects how many Restaking deposits an AVS can attract, and the choice depends entirely on the AVS's own considerations.
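The dashboard check described above can be sketched as follows. This is an added example, not code from EigenLayer or from the white paper; the registry layout, the operator and AVS names, the `max_restake_count` policy parameter and the "diluted" metric are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample registry (not real on-chain data):
# operator id -> (restaked ETH, AVSs the operator has opted into).
SAMPLE = {
    "op-a": (3200, {"avs-oracle", "avs-bridge", "avs-da", "avs-sequencer"}),
    "op-b": (6400, {"avs-oracle"}),
    "op-c": (1600, {"avs-bridge", "avs-da"}),
    "op-d": (900, {"avs-bridge", "avs-da", "avs-sequencer"}),
}

def operator_view(registry):
    """How many AVSs reuse each operator's stake (its restaking count)."""
    return {op: {"stake": stake, "restake_count": len(avss)}
            for op, (stake, avss) in registry.items()}

def avs_view(registry, max_restake_count):
    """Per-AVS figures an AVS could read off before admitting operators.

    nominal    - all stake opted into the AVS
    diluted    - each operator's stake divided by its restaking count
                 (illustrative heuristic chosen for this example)
    over_limit - stake from operators serving more than max_restake_count AVSs
    """
    out = defaultdict(lambda: {"nominal": 0, "diluted": 0.0, "over_limit": 0})
    for stake, avss in registry.values():
        for avs in avss:
            row = out[avs]
            row["nominal"] += stake
            row["diluted"] += stake / len(avss)
            if len(avss) > max_restake_count:
                row["over_limit"] += stake
    return dict(out)

def admitted_operators(registry, avs, max_restake_count):
    """Operators of one AVS that satisfy its own restaking-count policy."""
    return sorted(op for op, (_, avss) in registry.items()
                  if avs in avss and len(avss) <= max_restake_count)

if __name__ == "__main__":
    for avs, row in sorted(avs_view(SAMPLE, max_restake_count=2).items()):
        print(avs, row, admitted_operators(SAMPLE, avs, 2))
```

In the sample, every unit of stake behind avs-sequencer comes from Operators that exceed a limit of two services, so a strict policy would leave that AVS with no admitted Operators, which is the trade-off between security and deposit volume that each AVS has to weigh.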
2. Malicious AVS attracts blind Operators
In the EigenLayer market, an AVS mainly provides a reward and punishment mechanism for Restaking deposits. This mechanism is determined by the AVS itself, and the corresponding Contracts are deployed on the Ethereum mainnet. Operators and EigenLayer can ask the AVS project to open source such contracts, but there is no guarantee that every Operator has the ability and energy to confirm whether the AVS service they want to join is reliable. The absolute freedom of AVSs may lead to a malicious AVS attracting Operators through false or exaggerated information, and using backdoors or loopholes in its contract code to trigger Slashing. The market is always profit-seeking, and a malicious AVS may attract relatively blind Operators, who will eventually suffer malicious slashing and similar behavior, resulting in irreversible losses.
To avoid such incidents, the security and reliability of an AVS's reward and punishment mechanism can be assured through auditing. The EigenLayer white paper expresses the hope that all AVS reward and punishment contracts will be subject to reasonable audits and evaluations. The white paper also proposes establishing a committee to supervise the Slashing reward and punishment mechanism and help emerging AVSs get on the right track.
3. Platform security
Finally, there is the security of EigenLayer itself, that is, the security of the platform. If the EigenLayer platform itself has security vulnerabilities, it will cause great harm to the entire ecosystem and may even directly threaten the security of Ethereum's PoS consensus. Because EigenLayer aims to provide a two-way free market for Operators and AVSs, it has to offer both parties more custom interfaces to support richer needs. These richer requirements also make the abstraction layer considerably more complex, which introduces more potential security threats.
Since EigenLayer itself is also implemented by contracts, its basic security can also be guaranteed by code audits and post-launch monitoring, but as mentioned earlier, these contracts still need to stand the test of time.
Summary
EigenLayer innovatively proposes the Restaking mechanism, which not only optimizes the use of funds, but also improves network scalability while addressing the macro security issues of trust splitting. However, in addition to many innovative advantages, it also introduces new security challenges and potential risks, such as the reduction of the cost of malicious behavior due to the increase in fund utilization. Therefore, it is crucial for blockchain developers, investors, and security experts to pay attention to the associated problems and find solutions.
As a company focused on blockchain security, we recognize that in-depth audits of the code of EigenLayer and its ecosystem, as well as the implementation of dynamic monitoring and security protection measures, are critical to maintaining the security of the entire DeFi ecosystem. Security should be fully considered during the design and implementation phase of AVS, and professional audits and dynamic monitoring and security protection are the cornerstones of ensuring the security of the platform and users. With the continuous evolution of blockchain technology and the growth of market demand, EigenLayer and its ecosystem need not only innovation, but also a strong security framework that can meet new challenges. Therefore, we will continue to build on the security frontier, provide more projects with sophisticated code audit services, as well as post-launch monitoring and dynamic security protection, to support the continued growth of this ecosystem.