ether.fi

About

ether.fi is a decentralized non-custodial liquid restaking protocol that offers staking, automated DeFi vaults (Liquid), and a non-custodial credit card (Cash). It provides value-accruing restaked tokens (weETH, eBTC, eUSD) that capture Ethereum staking rewards and EigenLayer restaking rewards, with integration across 400+ DeFi protocols.

Where Does Yield Come From?

Yield is generated through three primary mechanisms:

1. Native restaking tokens (eETH/weETH, eBTC, eUSD) – These tokens earn two kinds of rewards: base Ethereum staking rewards and additional rewards from EigenLayer restaking services. The restaking rewards are collected every week, converted into ETH, and automatically added to a shared liquidity pool. This increases the token’s value through a rebasing adjustment (for eETH) or through growth inside a wrapped version (for weETH).

2. Automated DeFi vaults – The “Liquid” vaults run automated strategies for ETH, BTC, and stablecoins. They continuously rebalance and compound yields from integrated protocols like Aave, Pendle, and Gearbox, so the process is hands‑off for the user.

3. Cashback on card spending – The “Cash” product gives cashback rewards when you use its non‑custodial credit card.

The protocol’s yield structure is designed to capture both Ethereum’s staking yield and the extra rewards from EigenLayer’s validation services (called AVS), while remaining compatible with the wider DeFi ecosystem. How fees and rewards are distributed is governed by the protocol’s rules, and all rewards accrue directly to token holders—no manual claiming is required.

Audits

Audit / Date	Findings	Verdict
CertiK25-02-2023	Critical0 High1 Medium1 Low2 Info0	The audit identified no critical vulnerabilities, with half of the findings resolved and the remaining acknowledged by the team, indicating a generally secure codebase with some minor outstanding issues.
Omniscia16-05-2023	Critical0 High11 Medium22 Low6 Info73	The audit uncovered several high-severity vulnerabilities in EtherFi's novel ETH2.0 staking system, most critically a front-run attack on withdrawal credentials, but the team addressed many findings before launch, leaving some residual risks acknowledged or partially mitigated.
Nethermind05-07-2023	Critical1 High6 Medium11 Low7 Info18	The audit uncovered one critical and six high‑severity vulnerabilities, all of which were resolved or mitigated by the ether.fi team, leaving a codebase with reduced but still present centralization risks and design complexities that warrant ongoing monitoring.
Solidified26-10-2023	Critical3 High0 Medium0 Low13 Info0	The audit uncovered critical security flaws that could lead to fund theft, but many issues were resolved or acknowledged before deployment, reducing immediate risk.
Hats Finance20-12-2023	Critical0 High0 Medium1 Low13 Info0	The audit revealed one medium-severity reentrancy bug and numerous low-severity issues, suggesting moderate security risks that require attention before production deployment.
Zellic11-01-2024	Critical0 High3 Medium2 Low2 Info2	The audit identified three high-severity issues, all of which were fixed prior to deployment, leaving no critical vulnerabilities in the scoped contracts. However, the assessment notes inherent risks from reliance on external protocols like EigenLayer and admin-controlled swap functions.
Zellic29-02-2024 - 11-03-2024	Critical5 High1 Medium3 Low1 Info1	The audit identified five critical vulnerabilities, all of which were acknowledged and fixed by EtherFi prior to deployment. The resolved issues strengthen the protocol's security posture for its liquid restaking operations.
Decurity01-04-2024 - 08-04-2024	Critical0 High0 Medium0 Low3 Info3	The audit identified only low-risk and informational issues, with no critical vulnerabilities found; several issues were fixed or acknowledged by the EtherFi team prior to the report's publication.
Halborn17-06-2024 - 19-06-2024	Critical0 High0 Medium0 Low1 Info2	The audit identified one low-severity and two informational issues, all of which were resolved or acknowledged, indicating a thorough security review with no critical vulnerabilities remaining.
Halborn23-07-2024 - 25-07-2024	Critical0 High0 Medium0 Low0 Info3	The assessment revealed only minor informational issues that were promptly resolved, indicating strong security hygiene for the EFIP-5 and EFIP-8 smart contract implementations.
Certora29-07-2024 - 08-09-2024	Critical0 High2 Medium12 Low5 Info11	The audit uncovered two high-severity flaws in withdrawal fairness and slashing, plus numerous medium-severity operational risks, indicating the need for careful fixes before production deployment.
Certora16-01-2025	Critical0 High0 Medium0 Low0 Info0	The audit identified a share inflation vulnerability in the burnShares function that could enable third-party contract drains, which was fixed prior to any fund loss.
Certora13-01-2025 - 23-01-2025	Critical2 High0 Medium1 Low1 Info0	The audit identified two critical vulnerabilities that could have allowed ownership takeover and fund theft, both of which were fixed prior to deployment. The remaining medium and low severity issues were also addressed, leaving no unresolved high-severity risks.
Certora05-03-2025 - 06-03-2025	Critical0 High0 Medium0 Low0 Info2	The audit identified only two informational issues, both of which were fixed, confirming the instant withdrawal merge into v2.49 is safe with no security vulnerabilities. The transition to role-based access control improves security and the changes are compatible with the existing system.
Certora10-02-2025 - 14-02-2025	Critical0 High1 Medium1 Low0 Info6	The audit identified one high-severity and one medium-severity vulnerability, both of which were promptly fixed by the EtherFi team, alongside several informational improvements. No critical issues remained after the fixes.
Certora08-01-2025 - 21-03-2025	Critical0 High0 Medium0 Low0 Info4	The audit identified only minor informational issues related to code quality, with no critical, high, or medium severity vulnerabilities found in the EigenLayer slashing integration changes.
Certora03-03-2025 - 07-03-2025	Critical0 High0 Medium0 Low2 Info5	The audit found only low and informational issues, all of which were promptly fixed, indicating a robust security posture for the Cumulative Merkle Distributor contract.
Certora01-08-2025	Critical1 High0 Medium4 Low1 Info6	The audit identified one critical vulnerability allowing arbitrary upgrades, four medium-severity logic errors, and several lower-severity issues, all of which were addressed by the client before the report's publication.
Certora09-07-202523-07-2025	Critical0 High0 Medium0 Low0 Info3	The audit identified three informational issues, with one fixed and two acknowledged, and no higher-severity vulnerabilities in the reviewed code changes.
Certora09-09-2025	Critical0 High0 Medium0 Low6 Info1	The audit found only low-severity issues, all acknowledged or fixed, indicating the upgrade poses minimal security risk; however, the scope appears limited to specific Pectra-related features rather than a comprehensive security review.
Certora01-09-2025 - 17-10-2025	Critical0 High1 Medium1 Low8 Info7	The audit identified one high-severity and one medium-severity vulnerability, both of which were fixed, along with several low-severity issues that were either fixed or acknowledged, indicating a generally secure implementation with some minor operational risks remaining.
Certora07-11-2025 - 04-12-2025	Critical0 High0 Medium0 Low2 Info2	The audit found only low-severity issues that were promptly fixed and informational recommendations, indicating a solid security posture for the reviewed changes with no critical or high-risk vulnerabilities.
Certora05-12-2025 - 20-01-2026	Critical0 High0 Medium0 Low0 Info8	The audit found only informational issues, with most already fixed and the remainder acknowledged, indicating the reviewed modules are in a relatively secure state with no higher-severity vulnerabilities.
Certora10-12-2025 - 13-01-2026	Critical0 High0 Medium8 Low14 Info19	The reaudit identified multiple medium-severity logic flaws and accounting issues, with several already fixed; however, numerous acknowledged issues remain, indicating residual risks in the protocol's upgrade and migration pathways.
Certora—	Critical0 High2 Medium2 Low3 Info11	The audit identified two high-severity issues affecting protocol solvency and accounting, both of which were fixed along with all medium and low findings. The remaining informational items were either addressed or acknowledged, resulting in a comprehensive security review with no critical vulnerabilities.
Nomos—	Critical0 High0 Medium0 Low1 Info2	The audit uncovered only low-severity and informational issues, all of which have been addressed via client updates, indicating a robust security posture for the deposit adapter contract.
Hats Finance—	Critical0 High0 Medium1 Low13 Info0	The audit uncovered one medium-risk reentrancy vulnerability and numerous low-severity issues, suggesting the codebase requires further remediation before production use to ensure robust security.

Backers

ether.fi's official website includes an "Investors" section displaying logos of the following firms: CoinFund, Amber, Arrington, Bankless, Foresight, CH1, 4RC, Collider, LVNA, Draper, Node, OKX, North Island, Pulsar, PunkDAO, Relayer, Selini, Whitestar, Version One, Purpose, Consensys. No specific funding round details (amounts, dates, or series) are disclosed on the official site, blog, whitepaper, or press kit.

Legal

Legal form

Special Economic Zone Company (SEZC)

Registration jurisdiction

Cayman Islands

Status and notes

Operating entity is Ether.Fi SEZC, a Special Economic Zone Company organized under Cayman Islands law. Terms of Use and Privacy Policy are available via the official GitBook legal section. The Privacy Policy lists the controller address: Strathvale House, 4th Floor, 90 North Church Street George Town, Grand Cayman, Cayman Islands, KY1 9012. Contact email: [email protected]. EU and UK representatives appointed for GDPR/UK Data Privacy Act compliance.