Securing the Future of Liquid Restaking: Nethermind's Audit of Mellow Protocol

Security

May 15, 2025

The Challenge: Building Trust in Cross-Chain Restaking

As Ethereum's ecosystem expands across multiple layers, Mellow Protocol recognized an emerging need: enabling users to restake assets across chains without sacrificing liquidity. Their solution - a modular system for creating Liquid Restaking Tokens (LRTs) - promised to unlock new possibilities in decentralized finance.

However, with this innovation came significant responsibility. The protocol would need to:

  • Safely bridge assets between Ethereum L1 and L2 networks
  • Maintain rigorous security while implementing LayerZero's OFT standard
  • Ensure flawless operation of their custom permission system

Our Process: A Security Review Tailored for Innovation

When Mellow engaged us, we understood we weren't just reviewing code - we were helping secure a new financial primitive. Our team approached the audit with this context in mind.

We began by thoroughly examining their modified LayerZero OFT adapter. While the changes were minimal - primarily additional permission checks - we knew even small modifications to critical infrastructure could have outsized consequences.

Over three weeks, we:

  1. Conducted line-by-line reviews of all cross-chain interaction logic
  2. Verified the mathematical soundness of their staking calculations
  3. Stress-tested their assumptions about fund flows between chains

Findings That Mattered

Our review surfaced several areas for improvement:

The Rounding Question

We identified a minor rounding issue in staking calculations. After running simulations, we determined the potential financial impact would be negligible - approximately $0.000001 per transaction. We presented the findings and let Mellow's team decide whether to address it.

Code Clarity Matters

We suggested:

  • Removing redundant function visibility tags
  • Correcting documentation inconsistencies
  • Standardizing comment formatting

These weren't security issues per se, but we've learned that clean code is more maintainable - and maintainable code tends to be more secure over time.

The Outcome: Confidence Through Collaboration

The Mellow team implemented most of our suggestions within days.

Why This Work Matters

This engagement exemplified our philosophy:

  1. Context matters - We take time to understand what makes each project unique
  2. Proportion matters - We help teams prioritize based on real-world impact
  3. Collaboration matters - We view audits as conversations, not inspections

In an ecosystem where new financial primitives emerge weekly, we believe this approach creates the most value for innovative teams like Mellow.

Nethermind Security

We help groundbreaking protocols build with confidence. Start a conversation about your project's security.
