Everstake lump sum deposit contract audit

Everstake is a blockchain infrastructure provider that operates validators across multiple networks. The ETH2 Block Deposit Contract allows multiple validator deposits to be consolidated into a single transaction and atomically delivered to the official ETH2 Deposit Contract.

Everstake partnered with Ackee Blockchain Security and donated a total of 2 days of engineering time between November 11 and November 14, 2025 to conduct a security review of the Everstake ETH2 Block Deposit Contract.

Everstake then worked with Ackee Blockchain Security to conduct a revision review of the results of previous revisions.

methodology

Technical specifications verification
The scope of the audit is confirmed with the client and the auditor joins the project. Review the provided documentation and compare it to your audit system.
Tool-based analysis
In-depth scanning using the Solidity static analysis tool Wake, along with the Solidity (Wake) extension, is performed to flag potential vulnerabilities for further analysis early in the process.
Manual code review
Auditors manually check code line by line to identify vulnerabilities and code quality issues. The main focus is recognizing potential edge cases and project-specific risks.
Local deployment and hacking
The contract is deployed to the local Wake environment where targeted attempts to exploit the vulnerability are made. The resilience of the contract against various attack vectors is evaluated.
Unit and fuzzy testing
Unit tests are run to verify expected system behavior. Once coverage gaps are identified, you can write additional unit or fuzz tests using the Wake framework. The goal is to verify the stability of the system under real-world conditions and ensure robustness to expected and unexpected inputs.
Wake-AI support vulnerability discovered
The final step involves checking coverage against Wake AI, an LLM-based audit tool, to identify potentially missed vulnerabilities. This step is executed at the end of the audit process to avoid interfering with the auditor’s own review.

We began our review using static analysis tools, including Wake. We then performed a thorough manual review of the code, focusing particularly on integration with the canonical ETH2 deposit contract. During the review process, we paid special attention to the following:

Ensures that gripping or forward attacks are impossible.
Ensures interactions with external contracts are implemented correctly.
Ensures compatibility with the latest Ethereum protocol updates.
Verify that the system’s calculations are correct.
I’m looking for common problems like data validation.

At the end of our review, we discovered issue I2 using Wake AI.

range

An audit has been performed on the commit. c2c12ba(1) In the contract repository, the scope is:

contracts/ETH2BatchDepositConsolidation.sol

In-scope agreements were also distributed. 0x4ff41fa0f4e77129c4c0607994050473c2067e6d Mainnet address.

Findings

The classification of security findings is determined by two subscales: Impact and Probability. This two-dimensional rating provides a more noise-free view of the severity of the problem without loss of information. The probability factor reduces the severity of intermediate issues that the team typically recognizes as information and warnings.

Here are the results of our review: 2 items found Information Severity:

critical severity

No critical severity issues were found.

Severity High

No high severity issues were found.

medium severity

No medium severity issues were found.

low severity

No low-severity issues were found.

warning severity

Warning Severity No issues were found.

Information Severity

I1: Limited deposit verification

I2: Missing confirmation of accumulated deposit amount

trust model

This contract is permissionless and does not introduce any additional trust assumptions beyond the official ETH2 deposit contract.

conclusion

Ackee Blockchain Security recommended Everstake:

- Investigate the findings and severity of the problem.
- Read and review the entire audit report. and
- Address any identified issues.

Ackee Blockchain Security’s full Everstake ETH2 Block Deposit Contract audit report can be found here.

We were delighted to appreciate Everstake and look forward to working with them again.

Everstake lump sum deposit contract audit

Omnipair Loan Audit Summary – Ackee Blockchain

Is Vault12 Review 2025 worth using?

Trident Arena Announcement – Ackee Blockchain

Phemex TradFi Hits $10B Monthly Volume, Advancing Cross-Market Trading Infrastructure

BMNR), Cathie Wood’s ARK Invest, And Payward To Expand Into Next Generation Technology

Ethereum attempts to hold above $2,000 as whales withdraw $155 million from ETH.

PrimeXBT Launches PXTrader 2.0, Bringing Crypto And Traditional Markets Into One Trading Platform

BYDFi Perpetual Futures Data Now Live On TradingView

3/11 Price Prediction: BTC, ETH, BNB, XRP, SOL, DOGE, ADA, BCH, HYPE, XMR

Ethereum Price Rejects Again, Market Watches Key Support Closely

Ethereum Price Rejects Again, Market Watches Key Support Closely

CoinPoker launches new app with Rake Free Poker, recruits Abby Merk and Papo MC

This Is Fine (Until the Grant Runs Out)

Ether Funds Turn Negative, But Bears Still Retain Control: Why?

Top Insights

Phemex TradFi Hits $10B Monthly Volume, Advancing Cross-Market Trading Infrastructure

BMNR), Cathie Wood’s ARK Invest, And Payward To Expand Into Next Generation Technology

Ethereum attempts to hold above $2,000 as whales withdraw $155 million from ETH.

Most Popular

Bitcoin surfs US PPI overshoot as BTC price recovers from decline below $59,000.

Notcoin entered the top 50 with a weekly gain of 335%.

From Democrats to SEC: Do not approve spot Ethereum ETFs and other cryptocurrency ETPs

Everstake lump sum deposit contract audit

methodology

range

Findings

critical severity

Severity High

medium severity

low severity

warning severity

Information Severity

trust model

conclusion

Related Posts