BlackHart

Ether.fi

TEMPERED

Liquid Restaking · Ethereum · $5B+ TVL · 10 contracts

Official site: etherfi.com

722 (gauge scale: 300, 475, 650, 825, 1000)
Confidence: 83%
Z-Factor: 0.68
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 62
Economic: 75
Oracle: 72
Compos.: 58
Govern.: 48
Resilience: 78
OpSec: 65
Cascade: 45
Min: 45 · Avg: 63 · Max: 78

Audit History

Certora (Formal) · 2024-01
Omniscia · 2023-12
Code4rena · 2024-02

Bug Bounty Program

$250,000
Max payout on Immunefi

Assessment

Largest liquid restaking protocol. Clean track record (no exploit, no depeg). However, it carries full EigenLayer compositional exposure, governance centralization, and no timelock on upgrades. Fork validation confirmed 8/8 findings as false positives, indicating strong runtime defenses that the static graph does not capture.

Dimension Breakdown

Access Control
Score: 62 · Weight 23% · 80% confidence
+12 · 18 permissionless state-mutating functions out of 75 external
+12 · roleRegistry.hasRole() provides runtime defense invisible to static analysis
+12 · 8/8 fork-validated redemption chains are HONEST_NEGATIVE (safeTransferFrom msg.sender pattern)
+12 · Lone-sink heuristic false positives inflate raw cell count
Compositional Risk
Score: 58 · Weight 18% · 82% confidence
+11 · Inherits ALL EigenLayer compositional risk (slashing, restaking, AVS)
+11 · weETH widely integrated: Aave, Morpho, Pendle, Compound
+11 · Largest liquid restaking by TVL (~$6B+) = maximum cascade exposure
-55 · Cross-protocol liquidation cascades are primary systemic risk
Adversarial Resilience (redacted)
Score: 78 · Weight 18% · 85% confidence
  • Pause mechanism (pauseContract/unPauseContract) gated by roleRegistry roles
  • UUPS upgrade protected by _authorizeUpgrade with owner check
  • Multiple audit rounds: Omniscia, Certora, Zellic
  • 30+ months mainnet without exploit (since Nov 2023)
Economic Soundness
Score: 75 · Weight 12% · 80% confidence
+29 · 56 permissionless entries, 19 admin-gated (1_key)
-42 · True attack surface is 18 permissionless state-mutating functions
+29 · Key entry points: deposit, withdraw, requestWithdraw, rebase, burnEEthShares
Oracle Integrity
Score: 72 · Weight 12% · 78% confidence
+16 · Pause mechanism (pauseContract/unPauseContract) gated by roleRegistry roles
+16 · UUPS upgrade protected by _authorizeUpgrade with owner check
+16 · Multiple audit rounds: Omniscia, Certora, Zellic
+16 · 30+ months mainnet without exploit (since Nov 2023)
Governance & Upgradeability
Score: 48 · Weight 12% · 72% confidence
+14 · Internal rate oracle: (totalValueInLp + totalValueOutOfLp) / totalShares
+14 · amountForShare() and sharesForAmount() are core conversion functions
+14 · Chainlink integration for DeFi composition pricing
+14 · No external oracle manipulation surface detected in graph
Operational Security
Score: 65 · Weight 12% · 60% confidence
-18 · No branch protection detected
-18 · CI/CD present but unstable (60% success)
+16 · Commit signing: 98% verified
+16 · Strong PR review culture (87% reviewed)
Cascade Exposure
Score: 45 · Weight 6% · 75% confidence
  • Inherits ALL EigenLayer compositional risk (slashing, restaking, AVS)
  • weETH widely integrated: Aave, Morpho, Pendle, Compound
  • Largest liquid restaking by TVL (~$6B+) = maximum cascade exposure
  • Cross-protocol liquidation cascades are primary systemic risk

Additional Dimensions

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Access Control: 62 · +45.6 potential
18 permissionless state-mutating functions out of 75 external
Economic Soundness: 58 · +38.7 potential
True attack surface is 18 permissionless state-mutating functions
Battle-Tested Maturity: 48 · +34.6 potential
ETHFI token governance exists but team retains significant operational control
Operational Security: 65 · +20 potential
No branch protection detected
Compositional Risk: 45 · +18.5 potential
Cross-protocol liquidation cascades are primary systemic risk

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
Deployed 2023-11-01 · 8 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:e...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "etherfi"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("etherfi")
Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/etherfi?variant=card&theme=dark"
  title="BlackHart Risk Index: Ether.fi"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>