Scores/Renzo Protocol

Renzo Protocol

TEMPERED

Liquid Restaking · Ethereum · $1B+ TVL · 10 contracts

Confidence 65%Z-Factor 0.60Updated 2026-05-13Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

742

BRI Score

3004756508251000

Security Profile

Access Control
70

Economic Soundness
68

Oracle Integrity
72

Compositional Risk
50

Governance
42

Maturity
62

Resilience
50

Supply Chain
78

Op Security
68

Cascade Exposure
89

Access Ctrl
70

Economic
68

Oracle
72

Compos.
50

Govern.
42

Maturity
62

Resilience
50

Supply Ch.
78

OpSec
68

Cascade
89

Min

Avg

Max

Audit History

Halborn

2024-01

Code4rena

2024-05

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program →

Assessment

Liquid restaking with proven depeg risk. Inherits EigenLayer compositional risk (D4=50) and governance centralization (D5=42) significantly drag score. No BlackHart findings but economic design issues are documented.

Dimension Breakdown

How scores work →

Access Control

Weight 18%68% conf

Good

Operator selection controlled by Renzo team
Deposit/withdrawal gated by protocol state
ezETH minting access open but redemption has been restricted
Admin keys control operator delegation and strategy

Economic Soundness

Weight 13%65% conf

Moderate

ezETH depeg events occurred (May 2024, ~18% depeg)
Restaking yield model depends on AVS reward sustainability
Withdrawal queue design caused liquidity crises
Points-based incentive model creates speculative pressure

Oracle Integrity

Weight 13%70% conf

Good

ezETH/ETH rate determined internally by protocol
External oracle feeds for cross-chain bridging
Rate oracle manipulation surface during depegs
Chainlink feed added post-depeg for external validation

Battle-Tested Maturity

Weight 12%70% conf

Moderate

Mainnet since January 2024 (~28 months)
Experienced significant depeg event (May 2024)
Protocol redesign after depeg (withdrawal improvements)
TVL ~$3B, moderate battle testing
Z-factor: 0.823

Governance & Upgradeability

Weight 10%75% conf

Concerning

REZ token governance but largely centralized operation
Team multisig controls critical parameters
No meaningful timelock on operator changes
Withdrawal restrictions imposed unilaterally during stress

Adversarial Resilience

Weight 10%30% conf

Concerning

Maximum resilience under independent adversarial testing
Comprehensive security coverage across all attack surfaces
Active bounty program incentivizes continuous scrutiny
No validated adversarial findings — score set to neutral baseline

Operational Security

Weight 10%65% conf

Moderate

Response to depeg was slow initially
Improved operational procedures post-incident
Cross-chain deployment adds operational complexity
Monitoring improvements after May 2024 event

Compositional Risk

Weight 5%72% conf

Concerning

Inherits ALL EigenLayer compositional risk
ezETH composed across lending protocols (Morpho, Aave)
Cross-chain bridging adds bridge risk layer
AVS slashing cascades through to ezETH holders
Depeg showed cascade risk in DeFi composability

Cascade Exposure

Weight 5%60% conf

Strong

Appears in 2 cross-protocol cascade chain(s)
Member of 4 dependency cluster(s)
Score: 89/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%80% conf

Good

OpenZeppelin upgradeable contracts
Standard dependency stack
Cross-chain message passing adds bridge dependencies
Multiple proxy layers increase upgrade surface

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability42

Compositional Risk50

Adversarial Resilience50

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2024-01-15Z-Factor 0.60010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "renzo"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("renzo")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →