Renzo Protocol
TEMPEREDLiquid Restaking · Ethereum · $1B+ TVL · 10 contracts
Confidence 65%Z-Factor 0.60Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
724
BRI Score
3004756508251000
Security Profile
Access Control
70
70
Economic Soundness
68
68
Oracle Integrity
72
72
Compositional Risk
50
50
Governance
42
42
Maturity
62
62
Resilience
50
50
Supply Chain
78
78
Op Security
45
45
Cascade Exposure
89
89
Access Ctrl
70
70
Economic
68
68
Oracle
72
72
Compos.
50
50
Govern.
42
42
Maturity
62
62
Resilience
50
50
Supply Ch.
78
78
OpSec
45
45
Cascade
89
89
Min
42
Avg
63
Max
89
Audit History
Halborn
2024-01
Code4rena
2024-05
Bug Bounty Program
$250,000
Max payout on Immunefi
Assessment
Liquid restaking with proven depeg risk. Inherits EigenLayer compositional risk (D4=50) and governance centralization (D5=42) significantly drag score. No BlackHart findings but economic design issues are documented.
Dimension Breakdown
How scores work →Access Control
Weight 18%68% conf
70
arrow_forwardGood
+18Operator selection controlled by Renzo team
+18Deposit/withdrawal gated by protocol state
+18ezETH minting access open but redemption has been restricted
+18Admin keys control operator delegation and strategy
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%65% conf
68
arrow_forwardModerate
+17ezETH depeg events occurred (May 2024, ~18% depeg)
+17Restaking yield model depends on AVS reward sustainability
+17Withdrawal queue design caused liquidity crises
+17Points-based incentive model creates speculative pressure
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%70% conf
72
arrow_forwardGood
+18ezETH/ETH rate determined internally by protocol
+18External oracle feeds for cross-chain bridging
+18Rate oracle manipulation surface during depegs
+18Chainlink feed added post-depeg for external validation
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%70% conf
62
arrow_forwardModerate
+12Mainnet since January 2024 (~28 months)
+12Experienced significant depeg event (May 2024)
+12Protocol redesign after depeg (withdrawal improvements)
+12TVL ~$3B, moderate battle testing
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%75% conf
42
arrow_forwardConcerning
+14REZ token governance but largely centralized operation
+14Team multisig controls critical parameters
-58No meaningful timelock on operator changes
+14Withdrawal restrictions imposed unilaterally during stress
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%30% conf
50
Concerning
- Maximum resilience under independent adversarial testing
- Comprehensive security coverage across all attack surfaces
- Active bounty program incentivizes continuous scrutiny
- No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%50% conf
45
arrow_forwardConcerning
-8No branch protection detected
-8No CI/CD pipeline detected
+45Strong PR review culture (80% reviewed)
-8Minimal development activity (0 commits/month)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%72% conf
50
arrow_forwardConcerning
-17Inherits ALL EigenLayer compositional risk
+25ezETH composed across lending protocols (Morpho, Aave)
-17Cross-chain bridging adds bridge risk layer
+25AVS slashing cascades through to ezETH holders
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%60% conf
89
arrow_forwardStrong
+30Appears in 2 cross-protocol cascade chain(s)
+30Member of 4 dependency cluster(s)
-11Score: 89/100 (higher = more isolated from systemic risk)
+30Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%80% conf
78
arrow_forwardGood
+26OpenZeppelin upgradeable contracts
+26Standard dependency stack
+26Cross-chain message passing adds bridge dependencies
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Governance & Upgradeability42
Operational Security45
Compositional Risk50
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "renzo"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("renzo")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.