stake.link
About
stake.link is a premier liquid staking platform building a decentralized, multi-chain future with Chainlink at its core. Founded by a consortium of top-tier Chainlink node operators, it allows users to stake assets from leading digital asset ecosystems (starting with LINK and POL) to receive liquid staking tokens (LSTs) that auto-compound rewards and can be used across DeFi. The platform aims to evolve into an on-chain LST Index where its native token SDL captures value from a growing basket of LSTs.
Where Does Yield Come From?
Yield from staking LINK and POL
The protocol earns yield by staking deposited tokens directly in their native staking systems. For LINK, deposits are staked in two places: the Chainlink Community Pool and the higher-yielding Node Operator Pool. For POL, deposits are staked in Polygon's own staking system.
The protocol takes fees from the gross (total) staking yield before passing rewards to users. The fee structure depends on which pool the LINK is staked in:
- Node Operator Pool strategy — 26% total fees: 5% goes to node operators, 15% to users who stake SDL (the protocol's own token), 3% to a DeFi-PoL fund (used to boost liquidity in trading pools), and 3% to core contributors.
- Community Pool strategy — 16% total fees: 10% to SDL stakers, 3% to DeFi-PoL, and 3% to core contributors.
How users receive rewards
Users get liquid staking tokens (called stLINK and stPOL) that represent their staked deposit. These tokens "rebasing" — their supply increases automatically roughly every two days as staking rewards roll in, so your balance grows. For those who prefer a token that doesn't change balance (easier to use in some DeFi apps), wrapped versions (wstLINK and wstPOL) are available.
Priority Pool and withdrawals
The Priority Pool is a smart queue that manages limited staking space. It gives priority to users based on how much reSDL they hold (SDL that is staked, optionally locked for a boost of 1x to 9x). The pool also keeps a liquidity buffer, allowing faster withdrawals (1–7 days) compared to the native 28-day cooldown.
Liquidity and multi-chain growth
The DeFi-PoL fee (3%) is set aside specifically to build liquidity in trading pools like Curve's stLINK/LINK market, so the LSTs can be easily traded.
As the protocol expands to more chains (currently stLINK, stPOL, stESP), fees collected from all these LSTs are distributed to SDL stakers. This means SDL stakers earn a growing, diversified stream of yield from the whole basket of liquid staking tokens.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Sigma Prime01-08-2022 |
| The audit identified one high-risk issue and several medium-to-low severity issues, all of which were open at the time of the report, indicating unresolved security concerns in the core staking contracts. |
Sigma Prime01-01-2023 |
| The audit identified one high-risk issue (excessive fees) that was resolved, along with numerous low-severity findings, most of which were addressed by the development team. Overall, the review indicates thorough remediation efforts but highlights the need for ongoing validation and gas optimization improvements. |
Cyfrin07-03-2023 |
| The audit uncovered two high‑severity issues, one of which was resolved and the other acknowledged with admin discretion, alongside multiple medium and low findings that were largely addressed, leaving some acknowledged centralization risks and design assumptions. |
| The audit revealed several high‑severity vulnerabilities that were largely fixed before deployment, though some acknowledged risks remain in the migration process and centralization aspects. | |
Cyfrin14-08-2023 - 21-08-2023 |
| The audit revealed medium-severity risks around off-chain ordering and temporary fund locking, both acknowledged or fixed; residual risk remains in unverifiable off-chain components, but the codebase appears to have undergone typical security review. |
Trust Security01-10-2023 |
| The audit revealed one critical accounting flaw that was corrected, but several medium-risk issues remain acknowledged rather than fixed, leaving residual operational risks; centralization and upgradeability concerns persist due to owner privileges and off-chain dependencies. |
Trust Security30-04-2024 |
| The audit identified 4 high and 4 medium severity issues, all of which were fixed prior to the final report, while low-severity findings were acknowledged, indicating a generally robust security posture with some residual integration risks. |
Trust Security30-04-2024 |
| The audit revealed several medium-severity logic flaws and integration issues, most of which were fixed, leaving residual low-risk acknowledged items and centralization dependencies that should be monitored. |
Cyfrin29-07-2024 - 16-08-2024 |
| The audit uncovered critical storage and accounting flaws that could cause direct loss of funds, all of which were resolved before deployment. While the protocol's withdrawal upgrade introduces complexity, the comprehensive fixes and good test coverage provide reasonable assurance for the upgraded system. |
Codehawks30-09-2024 - 17-10-2024 |
| The audit revealed one critical high-severity flaw (missing token transfers) that was resolved, alongside several medium and low issues affecting withdrawals, deposits, and upgrades. While many findings were addressed, the scope indicates residual design risks in the staking and withdrawal mechanics. |
Cyfrin07-01-2025 - 16-01-2025 |
| The audit uncovered one critical vulnerability that was promptly fixed, along with two low-risk issues acknowledged by the team, demonstrating proactive security response while highlighting some residual design considerations for future upgrades. |
Trust Security13-01-2025 - 27-01-2025 |
| The audit uncovered one critical high‑severity issue that was fixed, along with multiple medium and low‑risk findings, most of which were addressed; residual acknowledged issues include a non‑functional removeStrategy() and potential reward‑dilution front‑running. |
Cyfrin25-02-2025 - 28-02-2025 |
| The audit found only minor informational and gas optimization issues, indicating the reviewed changes are secure and well-implemented. |
Cyfrin05-05-2025 - 09-05-2025 |
| The audit uncovered several medium and low severity issues, all of which were addressed by the team, resulting in a reasonably secure implementation with standard informational improvements noted. |
Cyfrin28-05-2025 - 03-06-2025 |
| The audit identified three low-risk issues and several informational improvements, all of which were addressed or acknowledged, indicating a well-structured codebase with adequate security considerations. |
Zellic20-06-2025 - 26-06-2025 |
| The audit found no critical vulnerabilities, with one high and one medium severity issue that were promptly addressed by the Stake.link team, indicating a generally secure implementation after remediation. |
Cyfrin30-07-2025 - 01-08-2025 |
| The audit identified a medium-severity access control flaw that was promptly fixed, along with several informational improvements and gas optimizations, resulting in a secure vesting contract after remediation. |
Cyfrin30-07-2025 - 01-08-2025 |
| The audit uncovered a single medium-risk access control flaw that was promptly fixed, alongside several informational improvements and gas optimizations, resulting in a generally secure vesting contract after remediation. |
Cyfrin26-01-2026 - 02-02-2026 |
| The audit uncovered two medium‑severity and five low‑severity vulnerabilities, with several fixes already applied; the remaining acknowledged issues pose manageable risks under normal operation but require careful monitoring. |
Cyfrin23-03-2026 - 24-03-2026 |
| The audit revealed one medium and one low severity issue related to batch update logic that could temporarily block reward distribution and deposits/withdrawals; both issues require mitigation before deployment. |
Legal
Legal form
Limited company
Registration jurisdiction
British Virgin Islands
Status and notes
Operates through StakedotLink Limited, a BVI-based legal wrapper for the stake.link DAO. Financial statements prepared by ht.digital, official accountant of StakedotLink Limited.