dRdefRes

Kelp

TierΒ 1

kelp

Liquid Restaking
ArbitrumBaseBerachainBlastEthereumHemi

Kelp is the second largest liquid restaking protocol with ~$2B+ in TVL. Its liquid restaked token, rsETH, is live across 10+ major L2s and 40+ DeFi platforms, allowing users to restake while maintaining full liquidity.

5.3Safety Score55% confidence

Latest TVL

$1.39B

DeFiLlama Β· updated 5/20/2026

Audits

1

reports collected

Findings

17

across all audits

Last Updated

5/21/2026

Analyzed

Analysis Overview

πŸ—οΈ

Protocol Overview

Kelp is an EigenLayer liquid restaking protocol, the second largest LRT by TVL at $1.39B. The protocol's rsETH token provides cross-chain portability across 16 networks and integration with 40+ DeFi platforms. rsETH value derives entirely from EigenLayer restaking rewards and AVS performance. Key risks include complete EigenLayer dependency, multi-chain bridge vulnerabilities, and centralized admin control over vault operations via importVaultState, syncPerpDexBalance, and acquireManagementFee. The Delta Neutral Vault (via Harmonix) allocates 50% of funds to Zircuit staking and 50% to on-chain investment strategies.
πŸ”’

Code Security

7.0/10
The Verichains Lab audit (Aug 2024) found 17 findings in the Delta Neutral Vault contracts with a 59% fix rate. One HIGH severity finding remains unfixed: user-controlled swapCallData in the swapTo function, executed via low-level .call, creates a critical exploitation vector if exchange addresses are compromised. Medium-severity risks include centralization issues in syncPerpDexBalance and importVaultState (both acknowledged), a gas limit DoS in array operations, and a missing _gap variable in upgradeable contracts. The audit covers only the Delta Neutral Vault; the core rsETH contracts and cross-chain infrastructure have not been audited.
πŸ’°

Economic Security

5.5/10
Kelp holds $1.39B TVL across 15 chains, providing scale-based structural resilience. However, a HIGH severity vulnerability (user-controlled swapCallData, unfixed) in the swapTo function poses a flash loan and MEV attack vector. Multiple centralization risks are acknowledged: syncPerpDexBalance allows admin profit/loss manipulation, importVaultState permits arbitrary vault state changes, and acquireManagementFee enables timestamp manipulation for fee collection. Oracle sources and tokenomics data are not documented. The Delta Neutral Vault's 50/50 split between Zircuit staking and external investment strategies creates composability risk with third-party protocols.
πŸ‘₯

Team & Transparency

4.5/10
Kelp scores 4.5/10 for transparency. No doxxed team members or company information is publicly documented. The protocol appears linked to Harmonix Finance based on the audit commissioning entity, but this relationship is unconfirmed. A single Verichains Lab audit (Aug 2024) covers the Delta Neutral Vault with 17 findings documented (9 fixed, 8 acknowledged). No bug bounty program, treasury data, or governance documentation is available. The acknowledged centralization risks (admin state manipulation, arbitrary timestamp parameters) represent significant transparency gaps alongside the absence of team information.
πŸ—³οΈ

Governance

2.5/10
Kelp scores 2.5/10 β€” the protocol is heavily centralized with no DAO, timelock, or multisig controls. The ROCK_ONYX_ADMIN_ROLE has unrestricted ability to import vault state, set profit/loss values via syncPerpDexBalance, collect fees at arbitrary timestamps, and transfer any ERC20 token via emergencyShutdown. Admin identity is unknown. Upgradability relies on OpenZeppelin upgradeable contracts, but the upgrade authority and _gap variable storage handling were flagged in the audit. Findings #7 and #13 (critical centralization issues) were acknowledged but not fixed, indicating acceptance of admin key risk as a design trade-off.
πŸ”—

Cross-Analysis

Kelp presents a high-risk profile driven by compounding vectors: an unfixed HIGH vulnerability combined with admin key control enables coordinated fund extraction; anonymous operators with no multisig elevate insider threat; governance freeze combined with gas limit DoS can permanently lock user funds; and EigenLayer failure would trigger cascading rsETH depegging across 15+ chains and 40+ DeFi integrations. The single audit covers only the Delta Neutral Vault, leaving the core rsETH contracts unaudited. Mitigants include public audit transparency, a 59% fix rate, open-source code, and $1.39B TVL signaling market trust.

Executive Summary

Executive Summary: Kelp

Safety Rating: YELLOW

Overall Score: 5.3/10 | Confidence: 0.55 | Data Completeness: 0.50 "Data Completeness Score: 0.50"

Scores by Dimension

DimensionScoreKey Finding
Code Security7.0/1017 findings with 59% fix rate; HIGH severity user-controlled swapCallData remains unfixed "Score: 7.0/10"
Economic Security5.5/10$1.39B TVL with multi-chain diversification but HIGH centralization risks and limited oracle documentation "Score: 5.5/10"
Team Transparency4.5/10Single audit completed; no doxxed team members, anonymous operations with unclear Harmonix relationship "Score: 4.5/10"
Governance2.5/10Highly centralized admin control with no DAO, timelock, or multisig safeguards identified "Score: 2.5/10"
Track Record5.0/10One audit (59% fix rate) with no documented operational history or incident reports "9 FIXED: Including formula errors, missing fee decimals, and unhandled edge cases"

What This Protocol Does

Kelp is a liquid restaking protocol enabling users to deposit ETH or LSTs and receive restaked tokens (rsETH) while earning restaking rewards through EigenLayer. The protocol is the second largest liquid restaking platform with rsETH deployed across 16 networks and integrated with 40+ DeFi platforms. "Kelp is a liquid restaking protocol that enables users to deposit Ethereum (ETH) or liquid staking tokens (LSTs) and receive restaked tokens (LRTs) in return"

Key Strengths

  • Substantial TVL and market position: $1.39B TVL makes Kelp the second largest liquid restaking protocol, indicating market trust and operational stability "Kelp is the second largest liquid restaking protocol with approximately $1.39 billion in TVL"
  • Public audit with detailed findings: Verichains Lab audit completed Aug 2024 with all 17 findings documented, enabling community monitoring "Completed third-party audit: Verichains Lab audit completed and findings publicly documented"
  • Strong fix rate: 59% of identified issues were fixed prior to public release, demonstrating responsiveness to security feedback "9 FIXED: Including formula errors, missing fee decimals, and unhandled edge cases"
  • Open-source codebase: Contracts publicly available on GitHub (harmonixfi/core-smart-contract), enabling independent verification "Open-source code: Yes β€” GitHub repo harmonixfi/core-smart-contract referenced in audit"
  • Multi-chain deployment: rsETH deployed across 16 networks provides resilience against single-chain failures "Liquidity is distributed across 15 chains"

Key Risks

  • Severe governance centralization: Admin can manipulate vault state, profit/loss calculations, and user balances through multiple functions with no checks or balances "Admin can manipulate profit/loss calculations: The syncPerpDexBalance function allows direct setting of profit/loss"
  • Unfixed HIGH severity vulnerability: User-controlled swapCallData in swapTo function remains acknowledged rather than fixed, creating exploitation vector for sophisticated attackers "User-Controlled swapCallData in swapTo Function β€” Status: Acknowledged"
  • Anonymous team with no multisig: No doxxed team members, no multisig configuration, no timelock mechanism β€” users must trust anonymous operators with complete fund access "Admin Identity: Unknown. No multisig configuration, signer identities, or EOA identification found"
  • Limited audit scope: Only Delta Neutral Vault audited; core rsETH restaking contracts and cross-chain infrastructure not reviewed "Data gap: Only one audit covering the Delta Neutral Vault component"
  • EigenLayer dependency: All rsETH value derives from EigenLayer AVS performance β€” existential risk if EigenLayer fails "All rsETH value derives from EigenLayer AVS performance and rewards"

Critical Findings

  • Admin-controlled fund manipulation (HIGH severity): Multiple audit findings allow admin to directly manipulate user balances, profit/loss calculations, and fees. All acknowledged but not fixed. "Admin can manipulate user balances: The importVaultState function allows complete state manipulation"
  • User-controlled swapCallData vulnerability (HIGH severity): Unfixed acknowledged vulnerability allowing arbitrary swap execution via low-level .call, enabling potential exploitation if exchange addresses are compromised "The swapTo function presents a significant vulnerability by allowing users to directly control the swapCallData without any validation"
  • No recovery path for admin key loss: Gas limit issue in array operations could prevent emergency functions from executing if arrays grow too large, creating potential fund lock scenario "Looping through the array in updateDepositArr and updateWithdrawalArr causes the gas limit to be exceeded"

Recommendation

Kelp presents a moderate-to-high risk profile suitable primarily for risk-tolerant users seeking maximum yield through restaking. The protocol's $1.39B TVL and second-largest market position demonstrate operational viability, but significant concerns exist: the unfixed HIGH severity vulnerability, severe centralization risks with no multisig or timelock safeguards, and anonymous team operations. Users with low-to-moderate risk tolerance should wait for governance improvements (multisig controls, timelock implementation) before committing significant capital. The limited audit scope (Delta Neutral Vault only) and unclear relationship with Harmonix Finance add further uncertainty. If deployed, users should avoid depositing maximum available amounts and should monitor for governance security improvements.

Report Sections

  • Protocol Overview
  • Code Security
  • Economic Security
  • Social & Team
  • Governance
  • Cross-Risk Analysis

Vulnerability Findings

High2Medium11Low3Info1

Audit Reports (1)

AuditorTierStatusDiscoveredLink
Unknownβ€”completed5/20/2026View β†—