TL;DR

• Mellow is a novel restaking primitive that allows for permissionless LRT creation, based on their own risk profiles and curation models
  • This proposal requests endorsement following the Lido Alliance framework and is for consideration by Lido DAO token holders
  • This proposal was drafted with support from the interim Lido Alliance Workgroup
• As permissionless LRT middleware, Mellow will help curators launch their own LRTs backed by stETH
  • Lido will integrate descriptions and links to deposits in Mellow UI in stETH into the Lido landing webpage
  • Mellow will introduce a loyalty program for new stETH LRTs to maintain sticky liquidity
• The interim Lido Alliance Workgroup will review the proposal.
• Following the recommendation of the team or committee, the approval of Mellow as a Lido Alliance partner will be voted on by Lido DAO token holders through Snapshot

Background

Current LRTs force users into a one-size-fits-all risk profile for opting into different AVSes. This approach fails to address the diverse needs of users and tends to overexpose them to slashing risk. Mellow solves this by abstracting risk management and allowing for unlimited risk profiles, enabling anyone to curate different AVS compositions and risks.

• Restaking is evolving
  • Restaking allows Ethereum validators to repurpose their consensus capacity by opting in to validate additional third-party services. By doing that, in addition to staking rewards, restakers receive rewards and face slashing risks from these services, but these features are not yet implemented by major restaking protocols
  • So far, restaking has amassed a significant chunk of ETH supply, some ~$16B or 5.5M ETH, which are held by few major restaking protocols through both native staking and LRTs
  • More than half of this ETH is staked by a dozen of liquid restaking providers, which are riskier than native staking, but allow users to reuse their positions in DeFi
• Issues of restaking
  • Restaking modules, rewards distribution and slashing mechanisms for major protocols are still under development
  • Alignment of governance token holders and ETH restakers is vital for a successful protocol, and on issues of revenue sharing or risk bearing it can become a tug of war
  • Adding new layers of abstraction over tokenomics can be useful to align stimulus by contouring out some slashing and fork risks, but it makes the system complex and egalitarian
• LRTs landscape and issues, risks
  • LRTs represent a significant advancement in DeFi by enabling users to earn restaked ETH without sacrificing liquidity
  • LRTs market structure is similar to LSTs, with the difference that more differentiation will be possible so more players are expected to compete for a substantial share of the market
  • Top 4 LRTs capture more than 90% of restaked ETH, but overall, there are about 20 LRT providers with different implementations wrt validation infrastructure and native/liquid staking
  • Besides smart contract and depeg risk, restaking introduces novel slashing risks as users commit their ETH to validate both the Ethereum blockchain and AVSs–each LRT protocol determines which AVSs to validate using their pooled ETH, effectively managing the AVS risk for its users
  • Mellow offers an improved level of granularity of exposure to risks for users by enabling the creation of permissionless LRTs
• How Mellow fixes LRTs
  • Current LRTs force users into a single risk profile for opting into different AVSes
  • This approach fails to address users’ diverse needs and overexposes them to slashing risk
  • Mellow solves this by decentralizing LRT creation and allowing for unlimited risk profiles
  • LRT curators can create their own LRTs that fit their business’s risk/reward profile
• Composability and integrations
  • We propose launching Mellow’s novel LRT solution as part of the Lido Alliance, prioritizing stETH and offering the opportunity to restaking users to select the most secure collateral available for restaking
  • We expect Lido DAO to integrate descriptions and links to Mellow deposits in stETH into the Lido landing page.
  • In return, Lido DAO can expect Mellow to prioritize stETH as a collateral asset through loyalty programs or specific points multipliers
• Operators and AVSes
  • Restaking tech is not mature yet. It is only recently that solo restakers can choose operators to delegate their tokens, and payments from AVS back to restakers are not yet enabled by major protocols
  • From the perspective of LRTs, only a few of them have launched governance tokens, but their teams have already unilaterally decided on operators and AVS’ that users are exposed to
  • This illustrates the issues around trying to match LRT holders’ heterogeneous risk profiles with a Procrustean bed of homogeneous design in current LRTs
• LRT curation
  • At Mellow, we believe the future of restaking is decentralized, which means implementing permissionless LRTs
  • Mellow’s LRT curation process includes analytical coverage of LRTs issued using Mellow tech, collaboration with existing issuers on DeFi integrations, and aiding in onboarding new LRTs

Protocol overview

Mellow Protocol is an innovative liquid restaking protocol designed to operate within the dynamic environment of the AVS ecosystem. Mellow Protocol offers a series of vault smart contracts tailored to different risk profiles, managed by curators. These vaults rely on the inherent flexibility, composability and security of both Ethereum and restaking providers to mitigate AVS risks effectively.

The architecture of Mellow Protocol is engineered to adapt to the varying needs of its users while maintaining a high standard of security and transparency. By allowing permissionless LRT curation, Mellow enables depositors more flexibility regarding their desired level of exposure to risk, while still benefiting from the liquidity of staked assets. This is achieved by dynamically adjusting strategies within each vault based on real-time risk assessments and market conditions.

Mellow’s smart-contract framework is built to be extensible, allowing for the seamless introduction of new features and vault types with minimal changes to the existing codebase. This ensures a low attack surface while facilitating the development of additional products and services.

To further enhance its robustness and functionality, Mellow Protocol integrates with a variety of DeFi primitives and infrastructures. This integration provides best user experience, enabling seamless interaction with other financial tools and services within the ecosystem. Future iterations of Mellow Protocol are planned to include advanced features such as dynamic rebalancing of vault allocations to optimize risk-adjusted returns and minimize potential losses due to market volatility.

• Overview of Restaking
  • Through restaking protocols, stakers can choose to accept additional slashing conditions on their staked ETH for rewards from protocols whose state is secured by stakers’ assets.
  • Typical design enables the validation of various modules, including consensus protocols for L2s and appChains, data availability layers, virtual machines & application layers, creating new revenue opportunities for restakers.
  • Restaking protocols share the abundant security of Ethereum consensus by spilling it over to these modules, enhancing the reliability of their consensus and adding extra revenue source to restakers.
• Launching LRTs will be permissionless for curators/users
  • Although LRTs permit delegation to multiple AVS operators, permissioned LRT holders and LRT node operators have little to no choice in how these delegation sets are formed or how risks are managed.
  • Holders can only make adjustments by changing the amount of LRT to which they are exposed.
  • Allowing LRT curators to issue new LRTs with refined risk/reward ratios in a permissionless manner makes the possibility of malfunctions causing ripple effects and liquidation cascades across the entire ecosystem remote and unlikely.
• Fees mechanism for curators
  • LRT curators are incentivized to set a competitive fee on restaking revenue. Mellow plans to aid LRT curators to launch permissionless LRTs with deployment, maintenance and DeFi integrations.

SchemeLRT2650×2553 320 KB

What is Mellow’s Security Culture?

As a fully on-chain protocol, we give security a central role in both the development and maintenance of our on-chain products.

In the architectural design phase, we decompose the system into the smallest programmable modules or primitives possible. This allows for thorough testing of each module’s logic. We achieve 100% test coverage for each component and perform internal audits, ensuring high code quality and robust security for each component.

Upon completion, we assess potential edge effects that may arise when integrating various components, including external modules. Previously, when implementing ALM (automated liquidity management) strategies in Mellow, we developed integrations with other DeFi protocols, requiring a deep understanding of not only our own architecture but also that of integrated protocols like Aave and Uniswap. We’ve never had a single security incident.

We collaborate with renowned security experts and audit firms, including Chainsecurity, Statemind, and Spearbit, and we only release code to production after it has passed external audits.

Maintaining security for our on-chain products is equally critical. We use real-time monitoring systems, Grafana dashboards and alerting systems to ensure operational integrity, provide tools for problem diagnosis, and also make it a prerequisite to have a public bug bounty program.

Our Incident Response and Recovery Policy outlines the procedures for detecting, reporting, and responding to security incidents. It also details recovery steps, such as reverting to secure contract versions and notifying affected parties.

It’s worth mentioning that our products have been operational for over 1.5 years without a single security incident.

How will Mellow help the Lido Alliance achieve its mission

New integration with Mellow will benefit the whole Lido ecosystem and stakers, making stETH a one-stop vehicle for delegation to operators and different AVSes. stETH liquidity may be increased in addition to becoming prime LST vehicle available for onboarding to Mellow LRT.

• Ethereum-alignment and commitment to decentralize validation
  • By participating in the wide restaking ecosystem, Mellow would help to spread the geographical and technical decentralization efforts Lido does outside Ethereum validation.
  • As ETH has moved from Lido to EigenLayer, the weighted average node operator set has become significantly more concentrated, presenting a risk to decentralized validation
  • By encouraging users to use stETH in Mellow, we hope to increase the level of validator decentralization in restaking, positively influencing Ethereum integrity.
• Use-cases for stETH adoption and integration
  • stETH users will find new opportunities to deposit their assets in a restaking marketplace that is more transparent and offers more granularity with regards to risk exposure
  • stETH holders may benefit from exclusive opportunities for earning Mellow points
• Opportunities for node operators
  • Lido node operators could launch their own composable LRT and take control of the risk management process by selecting AVS’ suitable for their needs rather than face their imposition by LRTs or restaking protocols
  • They could also collaborate with curators to reach the same outcome and create bespoke LRTs for their customers, based on stETH

What does Mellow expect from Lido Alliance

• Endorsement
  • Lido DAO’s acceptance of Mellow as a member of the Lido Alliance
• Integrations
  • Mellow expects Lido to integrate descriptions and links to deposits in Mellow UI in stETH into the Lido landing page. After getting positive traction and if Lido Alliance sees it possible and bringing value, integration of deposits directly into any Lido UI.
• Ecosystem
  • Shared stance of Mellow and Lido Alliance on decentralization and security is a prerequisite to having a shared ecosystem centered around stETH with Mellow LRTs as satellites.
• Liquidity bootstrapping
  • Mellow seeks access to a partnership network to enhance its own business development efforts for liquidity provision within the system.
• Network
  • Lido DAO contributors and Mellow members will apply security best practices, refer talented individuals to each other, and collaborate in various ways to build a decentralized future for the Ethereum ecosystem.
• Consultation
  • Mellow anticipates benefiting from the Lido team’s extensive expertise in different aspects of the ecosystem and technology. This includes access to conversations with contributor groups for knowledge sharing, conducted in a limited and non-disruptive manner.

How much alignment collateral will be locked in the Alliance legal vehicle?

100,000,000 MLW tokens (10% of the total supply) will be locked in a Lido Alliance legal entity (e.g. Foundation) after TGE. These tokens will be held in perpetuity These tokens will be subject to the same vesting and cliff terms as the team tokens: a 12-month cliff following the TGE, and a 30-month vesting period beginning after the cliff (amending the edit following the received feedback).

Curators, assemble!

Node operators and other actors of staking landscape now have the opportunity to launch their own composable LRTs and take control of the risk management process by selecting appropriate services (AVS) that align with their vision and tech edge, rather than accepting imposed options by existing LRTs. By collaborating with Mellow, curators can create bespoke LRTs for the Ethereum ecosystem. If you want to onboard as LRT curator, kindly leave a comment below this proposal.

Can you share any background on previous fundraising and large existing investors?

Sure, the initial fundraising round took place in 2021.
Our major investors include:

• cyber•Fund
• Arrington Capital
• Robot VC
• ParaFi
• Lemniscap

1. Could you elaborate on the original fundraising goals and how they relate to your current activities?

2. What’s the relationship between Mellow and Symbiotic?

Thanks!

Great to see the first Alliance applications! I guess we will need to build a proper security assessment framework for onboarding Lido allies.
What are the MLW tokens by the way?

re:security framework the first step is published by the Lido Alliance temp WG here: Alliance Review and Security Checklist

1. The primary objective of our initial fundraising was to finance the development of ALM and vault infrastructure, which has been utilized by a number of protocols for efficient liquidity management.
2. Symbiotic and Mellow are two distinct entities with separate teams and history. Both are designed to be permissionless and share aligned values regarding their technical and ecosystem approaches.

MLW tokens have not yet been issued. It’s governance tokens from the Mellow Protocol that will be partially distributed to the Lido Alliance legal entity following the TGE, under the vesting and cliff terms described in the proposal.

Thank you! Is there any specification or outline of governing capabilities of the token? It is really difficult to understand the potential value of this alignment collateral at this stage.

We are currently exploring several key aspects for the utility of our token, which include:

• Participating in governance for LRTs where necessary
• Managing the UI listings process for LRTs
• Overseeing general protocol parameters
• Administering the protocol treasury

Comprehensive details on tokenomics and token utilization will be provided as we approach the token launch. Our overarching strategy is to transition protocol ownership to a DAO governed by MLW, thereby consolidating value within the DAO.

Except LRT, do you consider introducing more restaking-as-a-service middlewares. For example, ETH/stETH-related pools can directly connect to their own restaking middleware. By this way, certain amount of ETH/stETH reverse will be allocated to retaking.

Mellow - Alliance Workgroup (temporary) Review

Key Terms

Ethereum-alignment and commitment to decentralize validation

Mellow will allow the permissionless creation of LRTs. If stETH gains wide acceptance as a base asset within Mellow, the growth of the restaking landscape will support expansion of stETH use as collateral. In turn, this will support Ethereum decentralization through greater node operator decentralization.

In their application, Mellow points out that as ETH has moved from Lido to EigenLayer, the weighted average node operator set has become significantly more concentrated, presenting a risk to decentralized validation. To the extent that Mellow makes it possible for stETH to secure restaking activities at the base layer, Ethereum validation decentralization should continue to improve.

Use-cases for stETH adoption and integration

There has been strong demand to allocate stETH towards restaking, but it has been capped through artificial limits imposed in a discretionary manner at the restaking middleware level.

Mellow will allow stETH users to restake their collateral without having to renounce the security, liquidity and decentralization features of stETH. Furthermore, Mellow’s permissionless design is a highly dynamic architecture that combines well with allowing users to select their own levels of risk exposure.

Opportunities for node operators

Node operators could collaborate with LRT curators, or even launch their own LRTs, with a view to take back control of the risk management process usurped by monolithic restaking architecture.

Security Review

Please see “Security Culture” section here for further detail

What are the processes for putting code into production?

What is the release flow from the security perspective?

We have a multi-step process:

• Write the code
• Document the code and how it works
• Make internal team review
• Make 1-3 external security audits
• Make a testnet deployment
• Ship into production

How does the team decide the code is ready for mainnet?

• The code is well-documented
• The code is reviewed by our internal team
• The code is audited by at least one auditing firm
• The deployed bytecode is verified against the audited hash
• Acceptance tests for deployed contracts params pass
• All the necessary monitoring tools are deployed

Does the protocol have public audits? What parties conducted the audits?

The product is audited by Statemind, available at https://github.com/mellow-finance/mellow-lrt/blob/main/audits/202405_Statemind/Mellow%20LRT%20Final%20report.pdf

What’s the issue summary (total issues / total fixed / crits and highs / crits and highs fixed)

Critical: 0

High: 0

Medium: 4 (4 fixed)

Informational: 21 (15 fixed, 6 acknowledged)

How is the deployment verified against the audit?

Bytecode is verified, acceptance tests match param specs, param specs are verified by the Mellow and Lido teams

What are the processes for managing security through TVL growth?

Is there a bug bounty? if yes — which and where

Not yet announced but there is a bug bounty planned

Are there limits / thresholds on the project / TVL? Who controls those?

Each vault has a 10 000 eth cap at launch, controlled by join Mellow and Lido multisigs

Are there any user funds on a multisig?

No

Is the code upgradable? How and who controls upgradability?

The code is upgradeable by Mellow and Lido team

What is the likelihood that the project will endure?

Is the project incorporated? How the legal structure looks like?

The project is incorporated in BVI. It’s the operational company that holds IP and will perform TGE.

What’s the funding situation?

The project is funded, initial fundraise took place in 2021 and was led by cyber.Fund, Arrington Capital, ParaFi, Robot VC.

What is the team size?

9

Is the code open source? What’s the license?

Yes, BSL (for 1 year).

Executive Summary

Recommendation: Accept

The temporary Alliance Workgroup recommends accepting Mellow and endorsing it for the Lido Alliance.

gm gm Temp Alliance WG member here

We’re be looking to add co-bounty clause to the list in the proposal; it kinda makes sense to have a proper bug bounty from the get go for the vaults built on top of StETH, and from convo with the Mellow team some help with know-how from Contributors end, as well as more bounty coverage, would be welcomed

Snapshot vote started

The Lido Alliance application: Mellow Snapshot has started! Please cast your votes before Thu, 06 Jun 2024 15:00:00 GMT

Sorry to say that there’s a difference in “proposed terms and conditions” between the forum post and the snapshot vote text due to an operational error. The post has the clause “These tokens will be held in perpetuity” concerning alignment collateral crossed out as an edit. It has erroneously gotten into the snapshot text. To not restart the ongoing vote, I propose to schedule the amendment in case the current proposal gets accepted by the DAO. @s0xn1ck would you be up for changing the term if the vote passes?

Yes, the initial terms from the proposal are correct and we are totally up for changing the term and making amendment of the terms specified in the vote.

Thanks for clarifying that!

Snapshot vote ended

Thank you all who participated in the Lido Alliance application: Mellow Snapshot, the proposal passed!
The results are:
Onboard Mellow to Alliance: 56M LDO
No action: 61k LDO

The upcoming release of WstETH Mellow vaults is planned to have two admin-powered multisigs: 0x9437B2a8cF3b69D782a61f9814baAbc172f72003 (vault admin over the curator permissions, roles) and 0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0 being proxy admin (ultimate power over the implementation, at very the least required to be able to react on emergency in case they arise). Both multisigs are to have 5/8 setup with the signers @s0xn1ck, @0xAlexEuler, @apeir99n,@armoking32, @kadmil_eth, @folkyatina, @e330acid and @psirex_ from Mellow Protocol, Gearbox and Lido Contributors sides.

@kadmil_eth is looking to join 0x9437B2a8cF3b69D782a61f9814baAbc172f72003 and 0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0 admin multisigs on Mellow vaults with the address 0xa94e4adcec38074967b17f6e8856ab12368686b5