Puffer

Puffer pufETH

Puffer pufETH is a liquid restaking token on Ethereum representing staked and restaked ETH via EigenLayer. Yield is generated from Ethereum consensus and execution layer staking rewards plus EigenLayer restaking rewards, distributed across 97+ diversified PufferModules.

AUM

$60.73m+1%

APY

2.08%

B-Rated Protocol

Updated Mar 12, 2026

Risk Rating

B-

AAAAAABBBBBBCCCCCCD

This rating is based solely on publicly available information. The range from B- to A reflects the gap between the current assessment and the potential rating achievable if all identified improvement areas are addressed.

SCS: Smart Contract Security

KMP: Key Management Permissions

M: Market

L: Liquidity

C: Collateral

PM: Protocol Mechanics

ICE: Infra Counterparty Exposures

PCE: Protocol Counterparty Exposures

G: Governance

FR: Financial Resilience

TLC: Team Legal Compliance

DT: Documentation Transparency

Potential Score

Provider risk assessed across Business, Operations, Reliability, and Security.

View the detailed scoring breakdown

Challenge this rating

Contract Addresses

TokenContract

0xD9A4...6a72

Timelock

0x3C28...26eA

PufferOracle

0x0BE2...994f

AccessManager

0x8c16...EE11

PauserMultisig

0x1ba8...0Df4

CommunityMultisig

0x446d...Cb2a

OperationsMultisig

0xC089...580d

Key Strengths

Extensive audit coverage from seven independent firms including top-tier auditors, plus a competitive security review with 49 researchers
Hardcoded 7-day timelock minimum delay that cannot be reduced, protecting against timelock manipulation attacks
All multisig thresholds are on-chain verifiable via Gnosis Safe, with separate multisigs for community, operations, and pause functions
Admin key monitoring by two independent security firms confirmed by multiple auditors
pufETH maintained stable peg throughout over two years of operation including during a major TVL decline
Publicly identified 26-person team with named co-founders, headquartered in San Francisco with institutional backing
ERC4626 vault standard provides transparent on-chain accounting and permissionless withdrawals
Diversified validator infrastructure across 97+ PufferModules delegating to multiple restaking operators
No exploits, rug pulls, or user fund losses since launch; Ethereum Foundation grant recipient
Comprehensive documentation with active on-chain governance including passed improvement proposals

Key Risks

No active bug bounty program; prior competitive security review was a one-time event with no ongoing disclosure incentive
Security monitoring scope limited to admin key activity rather than comprehensive protocol-wide invariant tracking
Community Multisig can bypass the 7-day timelock for emergency execution, and signer identities remain undisclosed
TVL declined approximately 96% from peak, raising long-term sustainability concerns
No treasury transparency with limited verifiable financial reserves relative to protocol obligations
No documented incident response playbook or on-call process for emergency scenarios
PufferOracle relies on trusted guardian signatures for proof-of-reserves without independent verification fallback
Thin secondary market liquidity for pufETH relative to larger liquid staking tokens