Kelp
TierΒ 1kelp
Liquid RestakingKelp is the second largest liquid restaking protocol with ~$2B+ in TVL. Its liquid restaked token, rsETH, is live across 10+ major L2s and 40+ DeFi platforms, allowing users to restake while maintaining full liquidity.
Audits
1
reports collected
Findings
17
across all audits
Last Updated
5/21/2026
Analyzed
Analysis Overview
Protocol Overview
Code Security
Economic Security
Team & Transparency
Governance
Cross-Analysis
Executive Summary
Executive Summary: Kelp
Safety Rating: YELLOW
Overall Score: 5.3/10 | Confidence: 0.55 | Data Completeness: 0.50 "Data Completeness Score: 0.50"
Scores by Dimension
| Dimension | Score | Key Finding |
|---|---|---|
| Code Security | 7.0/10 | 17 findings with 59% fix rate; HIGH severity user-controlled swapCallData remains unfixed "Score: 7.0/10" |
| Economic Security | 5.5/10 | $1.39B TVL with multi-chain diversification but HIGH centralization risks and limited oracle documentation "Score: 5.5/10" |
| Team Transparency | 4.5/10 | Single audit completed; no doxxed team members, anonymous operations with unclear Harmonix relationship "Score: 4.5/10" |
| Governance | 2.5/10 | Highly centralized admin control with no DAO, timelock, or multisig safeguards identified "Score: 2.5/10" |
| Track Record | 5.0/10 | One audit (59% fix rate) with no documented operational history or incident reports "9 FIXED: Including formula errors, missing fee decimals, and unhandled edge cases" |
What This Protocol Does
Kelp is a liquid restaking protocol enabling users to deposit ETH or LSTs and receive restaked tokens (rsETH) while earning restaking rewards through EigenLayer. The protocol is the second largest liquid restaking platform with rsETH deployed across 16 networks and integrated with 40+ DeFi platforms. "Kelp is a liquid restaking protocol that enables users to deposit Ethereum (ETH) or liquid staking tokens (LSTs) and receive restaked tokens (LRTs) in return"
Key Strengths
- Substantial TVL and market position: $1.39B TVL makes Kelp the second largest liquid restaking protocol, indicating market trust and operational stability "Kelp is the second largest liquid restaking protocol with approximately $1.39 billion in TVL"
- Public audit with detailed findings: Verichains Lab audit completed Aug 2024 with all 17 findings documented, enabling community monitoring "Completed third-party audit: Verichains Lab audit completed and findings publicly documented"
- Strong fix rate: 59% of identified issues were fixed prior to public release, demonstrating responsiveness to security feedback "9 FIXED: Including formula errors, missing fee decimals, and unhandled edge cases"
- Open-source codebase: Contracts publicly available on GitHub (harmonixfi/core-smart-contract), enabling independent verification "Open-source code: Yes β GitHub repo harmonixfi/core-smart-contract referenced in audit"
- Multi-chain deployment: rsETH deployed across 16 networks provides resilience against single-chain failures "Liquidity is distributed across 15 chains"
Key Risks
- Severe governance centralization: Admin can manipulate vault state, profit/loss calculations, and user balances through multiple functions with no checks or balances "Admin can manipulate profit/loss calculations: The syncPerpDexBalance function allows direct setting of profit/loss"
- Unfixed HIGH severity vulnerability: User-controlled swapCallData in swapTo function remains acknowledged rather than fixed, creating exploitation vector for sophisticated attackers "User-Controlled swapCallData in swapTo Function β Status: Acknowledged"
- Anonymous team with no multisig: No doxxed team members, no multisig configuration, no timelock mechanism β users must trust anonymous operators with complete fund access "Admin Identity: Unknown. No multisig configuration, signer identities, or EOA identification found"
- Limited audit scope: Only Delta Neutral Vault audited; core rsETH restaking contracts and cross-chain infrastructure not reviewed "Data gap: Only one audit covering the Delta Neutral Vault component"
- EigenLayer dependency: All rsETH value derives from EigenLayer AVS performance β existential risk if EigenLayer fails "All rsETH value derives from EigenLayer AVS performance and rewards"
Critical Findings
- Admin-controlled fund manipulation (HIGH severity): Multiple audit findings allow admin to directly manipulate user balances, profit/loss calculations, and fees. All acknowledged but not fixed. "Admin can manipulate user balances: The importVaultState function allows complete state manipulation"
- User-controlled swapCallData vulnerability (HIGH severity): Unfixed acknowledged vulnerability allowing arbitrary swap execution via low-level .call, enabling potential exploitation if exchange addresses are compromised "The swapTo function presents a significant vulnerability by allowing users to directly control the swapCallData without any validation"
- No recovery path for admin key loss: Gas limit issue in array operations could prevent emergency functions from executing if arrays grow too large, creating potential fund lock scenario "Looping through the array in updateDepositArr and updateWithdrawalArr causes the gas limit to be exceeded"
Recommendation
Kelp presents a moderate-to-high risk profile suitable primarily for risk-tolerant users seeking maximum yield through restaking. The protocol's $1.39B TVL and second-largest market position demonstrate operational viability, but significant concerns exist: the unfixed HIGH severity vulnerability, severe centralization risks with no multisig or timelock safeguards, and anonymous team operations. Users with low-to-moderate risk tolerance should wait for governance improvements (multisig controls, timelock implementation) before committing significant capital. The limited audit scope (Delta Neutral Vault only) and unclear relationship with Harmonix Finance add further uncertainty. If deployed, users should avoid depositing maximum available amounts and should monitor for governance security improvements.
Report Sections
- Protocol Overview
- Code Security
- Economic Security
- Social & Team
- Governance
- Cross-Risk Analysis
Vulnerability Findings
Audit Reports (1)
| Auditor | Tier | Status | Discovered | Link |
|---|---|---|---|---|
| Unknown | β | completed | 5/20/2026 | View β |