Rocket Pool

Stage 1
TVL $1.2B
rocketpool.net
2026-01-28
Chains ethereum

Risk Assessment

Upgradeability
48h+ Timelock
Admin Control
DAO Governance
Fund Access
Restricted
Audits
Extensive
Oracle
Decentralized
Track Record
3+ years

Rocket Pool Risk Assessment

Overview

Rocket Pool is a decentralized Ethereum staking protocol that enables users to stake any amount of ETH while receiving rETH, a liquid staking token. Unlike centralized alternatives, Rocket Pool uses a permissionless node operator network where anyone can run validators with just 8 ETH (plus RPL collateral).

rETH is described as “the purest liquid staking token in DeFi” due to its fully distributed and trust-minimized design.

Smart Contract Risk

Contract Architecture:

  • Trust-minimized smart contracts handle deposits and rewards
  • Minipool contracts manage individual validators
  • RocketStorage provides upgradeable registry pattern
  • Watchtower nodes monitor network health

Code Quality:

  • Audited by Sigma Prime, ConsenSys Diligence, and Trail of Bits
  • Atlas upgrade audit completed
  • Open source with comprehensive documentation
  • Bug bounty program active

Attack Surface:

  • Node operators cannot access depositor funds directly
  • Minipool design isolates validator risk
  • Oracle DAO provides off-chain data
  • Slashing penalties shared across depositors

Admin/Governance Risk

Governance Structure:

  • Protocol DAO (pDAO) for on-chain governance (Houston upgrade)
  • RPL token holders vote on proposals
  • Oracle DAO (oDAO) handles off-chain data submission
  • Guardian multisig for emergency functions

Oracle DAO:

  • Elected node operators submit validator performance data
  • Strong trust assumption in oDAO member behavior
  • Effectively custody user funds through data submission
  • Multiple independent members provide redundancy

Houston Upgrade (2023):

  • Introduced on-chain governance via Protocol DAO
  • Improved flexibility for node operators
  • Governance now more decentralized

Trust Assumptions:

  • oDAO members must behave honestly
  • Node operators post RPL collateral as bond
  • Slashing risk distributed across all depositors
  • No dedicated bond per depositor

Oracle Risk

Decentralized Oracle DAO:

  • Elected node operators submit data
  • Multiple independent data sources
  • Consensus required for submissions
  • Manipulation requires majority collusion

Oracle Security:

  • Distributed responsibility across oDAO
  • Economic incentives for honest behavior
  • RPL stake at risk for misbehavior
  • Watchtower nodes provide monitoring

Economic Risk

Liquidity Risk:

  • 635,000+ ETH staked as of 2026
  • 4,000+ independent node operators
  • rETH/ETH liquidity on major DEXs
  • Withdrawal mechanism via fresh deposits or minipool exits

Withdrawal Considerations:

  • Exit requires fresh ETH deposits or node operator exits
  • Arbitrage may be limited during severe market stress
  • No instant withdrawal guarantee
  • Queue-based withdrawal system

Operational History:

  • Mainnet launched November 2021
  • Houston upgrade December 2023
  • Saturn upgrade planned February 2026
  • No major smart contract exploits

Stage Assessment

Stage 1 Criteria Met:

  • Governance-controlled upgrades with timelock
  • On-chain Protocol DAO governance
  • Distributed node operator network
  • Multiple independent audits
  • 3+ years operational track record

Why Not Stage 2:

  • Oracle DAO introduces trust assumption
  • Contracts upgradeable via governance
  • oDAO members effectively custody funds
  • Slashing shared (no per-depositor isolation)

Justification: Rocket Pool achieves Stage 1 (Limited Trust) status due to its permissionless node operator design, on-chain governance, and distributed architecture. The protocol represents the most decentralized liquid staking option available. However, the Oracle DAO trust assumption and upgradeability prevent Stage 2 classification. The transition to more decentralized governance should be monitored for potential stage advancement.