Diligence

Liquid Collective aims to meet high standards of excellence for operations and service by acting with accountability, urgency, and integrity. We recognize the importance of protecting participants' security when using the protocol, and understand that security is primordial to maintaining participants' trust.

Questions?

Contact us



Code audits

Liquid Collective engaged independent security firms Halborn and Spearbit to perform security audits of the protocol. Every protocol feature deployed to mainnet has previously been reviewed by at least one of those teams. View all audits

Vulnerability disclosure policy

We welcome the community to review the Liquid Collective protocol's code and report any bug or security vulnerability discovered. View the policy

Compliance

Liquid Collective was designed from the start with a regulatory-focused mindset. Liquid Collective is the only decentralized liquid staking protocol that requires KYC/AML on all participants interacting with the protocol directly, ensuring known staking counterparties and limiting the surface area for direct attacks on the protocol's smart contracts.

The LsETH user agreement is contractually structured as a bailment, offering a clear legal framework for staking activities. And, at its core, the protocol is built with a direct staking model, designed to expand direct staking through liquid staking tokens (LSTs), which represent legal and beneficial ownership of a staker's tokens and any network rewards the tokens accrue.

Read permissioning docs

Risks & mitigations


Smart Contract Risk

The Liquid Collective protocol is a layer of code written on top of the Ethereum Deposit contract. Similar to any protocol providing a service, there is a potential for code vulnerabilities that are missed by third-party auditors

LIQUID COLLECTIVE’S MITIGATION STRATEGY

Relative to a DeFi lending protocol, where the entire TVL is held in smart contracts, the Liquid Collective smart contracts only hold value as it flows through to the ETH Deposit contract. Additionally, multiple third-party service providers have been engaged to conduct audits of the protocol’s code. In addition to conducting third party audits, the strategy to deliver multi-chain liquid staking involves collaborating with existing liquid staking technology providers and leveraging their already battle-tested code.


Slashing Risk

As is the case in all proof of stake networks, validators may be penalized for failing to perform their job efficiently. This most commonly results from validator downtime and from a double signing event.

LIQUID COLLECTIVE’S MITIGATION STRATEGY

Part of Liquid Collective’s strategy to provide a secure and enterprise-grade liquid staking solution involves conducting sanctions checks on the protocol’s active validator set. Liquid Collective leverages the support of security-focused Node Operators that institute best practices, including multi-cloud/multi-region infrastructure, technical support teams, and security posturing (including double-sign protection).

Although the protocol’s validator set consists of prominent Node Operators, in the event that a slashing event occurs the protocol provides a robust Slashing Coverage Program, including Nexus Mutual cover, to mitigate the risk of Node Operator failures and network outages. This Slashing Coverage is provided to every LsETH holder via the LsETH user agreement.



Risk of Hack

A significant risk would be a hack where the minting functionality for LsETH is compromised.

LIQUID COLLECTIVE’S MITIGATION STRATEGY

Protocol activity, such as LsETH supply updates, will be monitored and analyzed. In case of any anomalies, a first incident response plan will be executed to remedy the issue, which may result in pausing the protocol to temporarily disable all types of activities.



→ Read the Litepaper

Security FAQS

+

How is the Liquid Collective protocol secured?

Liquid Collective protocol implements a number of best practices:

  • Best-in-class node operators providing enterprise-grade staking infrastructure
  • Non-custodial staking framework reduces counterparty risk
  • Multiple code audits and partnering with battle-tested technology providers
  • DAO governance and decision making process alongside industry leaders
+

Where is the staked ETH custodied?

Liquid Collective is non-custodial. Ethereum deposited to Liquid Collective is custodied by the Ethereum deposit contract.

+

Who is in the validator set? How is the stake distributed?

Liquid Collective will be launching with an initial set of enterprise-grade, security-focused validators which include validators such as Figment, Coinbase Cloud, and Staked. The stake will be distributed across validators in a round-robin manner so that the Liquid Collective protocol is supported by a broad and dispersed active validator set.

+

Where are withdrawal keys and validator keys (public and private) held?

Public withdrawal keys are set to the Liquid Collective protocol smart contract address during the validator onboarding process. Once set, this address can't be changed, as is governed by the Ethereum protocol when setting Type 1 (0x01) address.

Validator public addresses are submitted to the Liquid Collective Node Operators Registry. Validator private keys are owned and securely managed by the Node Operators.

→ View all FAQs

Your subscription could not be saved. Please try again.
Thank you for subscribing!

Sign up for the newsletter


Latest

Follow @liquid_col for updates