Mantle
About
Mantle is an EVM-compatible Ethereum L2 scaling solution built as a ZK Validity Rollup (transitioning from an optimistic rollup via Succinct's SP1) using a modular architecture that separates execution, data availability (EigenDA), proof generation, and settlement. It uses $MNT as its native gas token — keeping transaction costs a fraction of a cent — and is governed by $MNT holders who vote on ecosystem initiatives, treasury deployment, and strategic direction. Mantle also operates a suite of on-chain products including the mETH Protocol (ETH liquid staking + restaking) and partners with CeFi/DeFi platforms to extend capital efficiency for its assets.
Where Does Yield Come From?
Mantle offers several ways to earn yield, built on top of its Layer-2 network.
mETH Protocol — staking ETH for yield
The main yield source is the mETH Protocol. Users deposit ETH into the protocol on Ethereum's main layer (L1) and receive mETH tokens in return. These mETH tokens grow in value over time because they capture income from two sources:
- Staking rewards from Ethereum's proof-of-stake system, handled by professional node operators such as A41, P2P, Blockdaemon, stakefish, and Kraken.
- Lending rewards from a Liquidity Buffer — a pool that lends any ETH not currently staked into Aave (a lending platform) so users can withdraw instantly when needed.
The protocol keeps around 10% of the combined staking and lending rewards as a fee.
cmETH — restacking for extra yield
For higher potential returns, users can swap mETH one-to-one into cmETH. This cmETH token takes the underlying mETH and re-stakes it across multiple restaking platforms — EigenLayer, Symbiotic, and Karak — along with their operator networks. This earns additional restaking rewards on top of the base mETH yield. The cmETH protocol takes 20% of those restaking rewards as a fee.
MNT Rewards Station — locking tokens for partner incentives
Holders of the network's native token MNT can lock their tokens in the Mantle Rewards Station. In return, they earn tokens distributed from partner protocols as ecosystem incentives.
Treasury partnerships — yield from stablecoins
Mantle's own treasury generates yield through strategic partnerships. About 20% of treasury earnings come in the form of Ethena USDe, and the treasury also uses Agora AUSD and Ondo USDy — stablecoin-like assets that themselves produce yield.
L2 transaction fees — how the network pays for itself
On the Mantle network itself, users pay fees in MNT (converted via a pricing ratio that accounts for ETH/MNT exchange rates). These fees have two parts:
- L2 Execution Fee — covers the cost of processing the transaction on the Layer-2 chain (gas used × gas price).
- L1 Rollup Fee — covers the cost of submitting batches of transactions to Ethereum's main layer. Mantle uses EigenDA for data storage, which cuts the data-posting cost by an estimated 90% compared to writing all data directly to Ethereum.
Persons
Joshua Cheong
Product Lead at Mantle
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
| The Secure3 audit uncovered 8 critical vulnerabilities — including direct fund theft, reentrancy, and permanent asset lock — that were largely remediated before the report's publication, though several medium-severity oracle, gas-estimation, and txpool issues remain acknowledged for future fixes, indicating residual risk in the price-feeding and meta-transaction subsystems. | |
| The audit uncovered four critical vulnerabilities, two of which (sponsor overdraft and ERC721 bridge incompatibility) were fixed, while the remaining two were declined as non-issues; with 28 medium-severity findings largely acknowledged or fixed, the protocol addressed its most impactful risks, though residual gas-accounting and design concerns remain as acknowledged items. | |
OpenZeppelin09-02-2024 - 29-02-2024 |
| All 3 critical-severity issues were resolved before deployment, and no high or medium severity findings were identified; however, the report recommends additional QA and testing, particularly around DoS vectors and deposit transaction handling, before going live. |
OpenZeppelin31-01-2024 - 01-03-2024 |
| All critical and medium-severity vulnerabilities were resolved before publication, but the majority of low-severity and informational findings were acknowledged without fixes, and the report explicitly recommends stronger end-to-end testing of cross-chain features before going live. |
OpenZeppelin12-02-2024 - 28-02-2024 |
| The audit found one resolved medium-severity issue and several low-severity findings, with Mantle DA treated as a black box and no automatic fallback for outages, so residual risks remain around the Mantle DA integration and testing coverage that should be addressed before mainnet deployment. |
| The audit reveals 4 critical vulnerabilities in Mantle L2 Rollup V2, all of which were resolved by the development team, significantly reducing the most severe risks to the protocol; however, several high and medium issues — particularly around dependency vulnerabilities, insecure EigenDA connections, and data validation — were closed without fixes, representing residual risk that should be addressed before production deployment. | |
OpenZeppelin06-01-2024 - 27-01-2024 |
| The audit found no critical or high-severity issues; the single medium-severity finding was resolved, and the remaining low-severity and informational items were either acknowledged or fixed, indicating a generally sound diff update for Mantle V2's EigenDA integration and op-geth changes. |
Sigma Prime01-03-2025 |
| The audit found one high-severity issue (lack of cryptographic verification in the EigenDA integration) which the development team closed by relying on the local, non-exposed eigenda-proxy for commitment validation; three medium-severity issues were addressed via code changes or deprecation, while several low-severity findings remain open for the next version, posing limited residual risk to the protocol. |
Zenith (Code4rena)18-03-2025 - 23-03-2025 |
| The audit identified two high-severity vulnerabilities affecting Mantle's deposit transaction and preconfirmation logic, all of which (except one acknowledged low-risk timeout setting) were resolved and verified by Zenith, indicating the protocol's core preconfirmation handling has been meaningfully hardened. |
OpenZeppelin17-03-2025 - 25-03-2025 |
| All 13 identified issues were resolved or partially resolved during the audit engagement, including one critical and one high severity vulnerability, indicating that the Mantle team was responsive; the auditors recommend extensive additional testing and another audit round before production deployment given that the codebase was still evolving. |
Sherlock02-07-2025 - 22-08-2025 |
| The audit identified a substantial number of findings across DA reliability, EVM semantics, and EigenDA integration, with several critical data-loss risks being resolved before publication; residual acknowledged items (particularly the EigenDA trusted model and V1 dependency) should be tracked as the protocol matures. |
CertiK09-03-2026 - 02-04-2026 |
| The audit found no critical vulnerabilities; the single Major issue and almost all Medium and lower-severity findings were resolved during the engagement, with only 2 Medium and 3 Informational items acknowledged as acceptable operational invariants—indicating a well-managed security posture for the Arsia upgrade. |
MixBytes22-10-2025 - 11-11-2025 |
| The audit found no critical or high vulnerabilities, and only one of the six medium findings was fixed prior to re-audit, with the remainder accepted as manageable design trade-offs and operational safeguards, indicating a reasonable but not exhaustive security posture for the mETH protocol. |
Hexens22-10-2025 |
| The audit identified two medium-severity, one low-severity, and three informational findings, all of which were either remediated by the development team or acknowledged by the client as intentional design choices, resulting in an improved security posture for the Mantle Liquid Staking Platform update. |
BlockSec21-10-2025 |
| The audit found no critical or high-severity issues; the two medium-risk findings were fixed before the report, and the remaining confirmed low-severity donation attack carries limited residual risk for stakers. Overall, the BufferPool contracts were deemed adequately secured for their intended scope, though privileged roles and reliance on Aave introduce acknowledged operational risks. |
Exvul14-10-2025 - 20-10-2025 |
| No critical or high-severity vulnerabilities were found; all six medium-severity issues were either fixed (five) or acknowledged (one), and the conclusion states the audit result as PASSED, indicating a reasonable security posture for the Mantle LSP contracts. |
Mixbytes21-08-2024 - 15-10-2024 |
| The audit found no critical vulnerabilities, with the sole high-severity issue and all medium-severity items acknowledged by the client as either inapplicable to cmETH's limited asset scope or accepted as design risks, meaning no blockers were identified for deployment. The protocol retains significant centralization (noted as a medium finding), which the client mitigates through multisig controls and monitoring. |
Fuzzland20-10-2024 |
| The audit cleared the Mantle COOK/Position Manager contracts of critical and high-severity issues; the two medium findings were either resolved or accepted as intentional design, and the low findings were fixed or acknowledged, indicating a reasonable security posture for the audited scope. |
Quantstamp26-08-2024 - 09-09-2024 |
| All five findings and nine suggestions were addressed (fixed or acknowledged) with no new security issues identified in the final fix review, though insufficient test coverage across both repositories remains a concern for long-term safety. |
BlockSec15-10-2024 |
| No security vulnerabilities were identified in the audit; the two recommendations and one centralization-risk note are all acknowledged or confirmed without requiring fixes, making the Cook Smart Contracts appear sound for deployment based on this engagement. |
Secure311-09-2024 |
| The audit found no critical vulnerabilities in the production-relevant code, with the single High finding affecting only a test helper and the Medium finding fixed; remaining issues were either acknowledged with mitigations or declined as non-impactful in the client's deployment context, indicating a reasonably secure codebase at the time of assessment. |
Hexens19-08-2024 - 02-09-2024 |
| The audit found no critical or high-severity vulnerabilities, with the most impactful issue (missing access control on the sanctions list) and the only fixed finding (DoS in cross-chain messaging) resolved; the majority of low-severity findings were acknowledged as acceptable given cmETH's zero-fee, constant-share-price design, posing no material risk to the protocol's safety. |
Hexens25-08-2023 |
| The audit identified material risks around oracle centralisation and frontrunning in Mantle's liquid staking contracts, though no critical-severity issues were found; the client fixed or acknowledged all findings, meaning residual risk is limited to acknowledged design trade-offs and oracle trust assumptions. |
| The audit found no critical issues, but several medium-severity design concerns in Mantle's consensus-layer oracle logic—particularly around sanity-check bounds and withdrawal accounting—that could be exploited by sophisticated attackers; most findings were acknowledged and fix strategies were in progress at the time of publication. | |
MixBytes04-10-2023 - 21-11-2023 |
| All findings were either acknowledged or fixed; the three high-severity issues were addressed (two acknowledged by design with multisig safeguards, one fixed), leaving no unresolved critical or high threats, though the protocol retains a trust model relying on admin/multisig integrity for several acknowledged items. |
Secure313-10-2023 |
| The audit found one critical finding (declined) and 20 medium-severity issues, of which only 4 were fixed while the remainder were declined, indicating meaningful residual risk in concurrency, authentication, and RPC handling for the LSD oracle service. |
Secure312-10-2023 |
| The audit identified two critical and three medium-severity findings; the most impactful issue (unburned mETH skewing exchange rate) was acknowledged but deemed intentional by design for simplicity, while the critical cancelUnfinalizedRequests issue was declined with a technical rationale — the protocol should carefully monitor oracle quorum configuration and exchange rate arithmetic before mainnet launch. |
Verilog Solutions21-11-2023 |
| The audit found no critical, high, or medium severity vulnerabilities, only two low-severity issues and one informational item, all of which were either resolved or acknowledged, indicating a strong security baseline for the Mantle LSP L2 token contract. |
Backers
Mantle operates a $200M EcoFund catalyzed capital pool that backs transformative projects through 20+ leading venture capital firms. The EcoFund's Strategic Venture Partners include: Alumni Ventures Blockchain Fund, Animoca Ventures, Bankless Ventures, Cadenza Ventures, Dragonfly Capital, Figment Capital, Folius Ventures, Ghaf Capital Partners, Hashed, Hashkey Capital, Leadblock Partners, Lemniscap, Pantera Capital, Play Ventures, QCP Capital, Republic Crypto, Selini Capital, SevenX Ventures, Shima Capital, Spartan Group, Whampoa Digital, and Gam3 Girl Ventures. The homepage also names Polychain and Dragonfly as two leading VCs involved with the EcoFund. Mirana Ventures plays a strategic supporting role for the EcoFund, leveraging its venture capital expertise, and has an investment track record spanning over 30 funds. Bybit is listed as a key partner supporting Mantle's liquidity and DeFi-CeFi interoperability. On the group website (group.mantle.xyz), strategic alliances and partnerships include Bybit, EigenLayer, Succinct, Mirana, Galaxy, AntAlpha, Ethena, Securitize, Brevan Howard, VanEck, Dragonfly, and Selini. Mantle itself is described as "An innovation pillar under Mantle" (the group entity). Mantle Treasury is cited as one of the world's largest on-chain treasuries at approximately $3B AUM. The project originated from the BitDAO community, and $MNT was created via a migration from $BIT. No specific venture capital fundraising rounds (e.g. Series A, seed round amounts) or dates for Mantle Network itself were found on its official sources — it appears to have been funded through the BitDAO/Mantle treasury and token ecosystem rather than traditional external VC rounds for the protocol itself.
Legal
Status and notes
Operator identified as "Mantle" (no specific registered legal entity name disclosed on official sources). Terms and Privacy Policy effective 30 November 2022. The Terms state they are governed by the laws of Singapore (Section 12.1) and disputes are resolved via SIAC arbitration in Singapore. The website footer describes Mantle as "An innovation pillar under Mantle" (referring to a group entity at group.mantle.xyz). The Terms (Section 2.2) describe Mantle Network as "a layer-2 blockchain incubated by a decentralized autonomous organization." Contact email: [email protected]. No imprint, company registration number, registered address, or specific legal form (e.g. foundation, LLC, association) is disclosed on the official website or Terms pages.