About Everstake’s EverSOL Stake Pool

At the time of writing this post, Everstake is the biggest decentralized staking provider, trusted by 625 000 users. It helps secure PoS protocols (Solana, Polkadot, Ethereum, Terra, Cosmos, and many more).

How does the Everstake EverSOL Stake Pool work?

EverSOL Stake Pool provides an opportunity for staking delegators to gain more yield by enabling liquid staking and issuing liquid tokens (eSOL).

Delegators who stake with EverSOL Stake Pool receive eSOL for every SOL they deposit to the pool. Deposited SOL tokens are then delegated to a set of selected validators, according to the EverSOL Delegation Strategy. EverSOL Stake Pool has instant unstake, so delegators can skip the general Solana unstake period and undelegate immediately. Minted eSOL tokens can be used in DeFi to generate additional yield.

According to the EverSOL Stake Pool roadmap, the EverSOL DAO will be created and play an essential role in the staking mechanism. Delegators will be able to choose from two options on how they can use their staking rewards:

  1. Delegators will be able to support the DAO. 7% of their rewards will be sent to the DAO’s Treasury (the funds will be used to fund Solana-based projects).
  2. Or delegators will choose to earn more rewards by sending rewards back to the Stake Pool SOL balance.

To learn more about Everstake and the EverSOL Stake Pool, read the official documentation here.

About the audit

Two auditors of Ackee Blockchain, engaged by Everstake, audited EverSOL Stake Pool between February 17 and February 25, 2022. The auditing process was performed with a total time donation of 5 engineering days.

During these five days, particular attention was paid to the findings from previous audits of the Stake pool program and the newly added functionality.

The security review began with a detailed manual code review, checking the code line by line for potential vulnerabilities or code duplications. It continued with testing and automated analysis: running the client's tests to ensure that the system works as expected, and potentially writing missing unit or fuzz tests using our own testing framework, Trdelnik. Finally, the program was deployed locally and attacked in an attempt to break it.

Findings

Our toolset, manual code review, and unit and fuzz testing led to the following findings:

  • I1: Documentation and code mismatch
  • I2: TODOs in production code

Only 2 issues with informational impact were identified, indicating that the audited code is secure and ready for production deployment. It should be noted that in both cases, these were general recommendations rather than safety issues.

Conclusion

Overall code quality is high, as the program comes from the SPL library, and the newly added functionality matches this high standard. Documentation from Everstake significantly helped us understand the system overview.

Ackee Blockchain recommended that Everstake:

  • address reported issues;
  • monitor the SPL stake-pool program and apply major changes in the future, as the program is still in active development.

We were delighted to audit Everstake and look forward to working with them again.

 

The full Ackee Blockchain audit report of EverSOL Stake Pool with a more detailed description of all findings and recommendations can be found here.