Introduction to Puffer: Permissionless & Native Liquid Restaking

May 28, 2024

Written By:

From Staking to Liquid Restaking

The recent launch of the EigenLayer protocol and its “restaking” feature has taken crypto markets by storm—a protocol and concept we’ve previously written about herehere and here. As always in crypto, yesterday’s news is old news, and innovations and spin-offs are already cropping up left and right. Arguably the most important one for the time being has been the development of liquid restaking. As with regular staking on Ethereum, restaking through EigenLayer requires locking up staked assets. Liquid restaking utilises the same idea as liquid staking tokens but for restaking to unlock all this restaking liquidity.

With that said, the focus of this article is to provide an overview of Puffer Finance, a liquid restaking protocol built on EigenLayer, intending to give readers a basic understanding of liquid restaking, its associated benefits and risks, and how the Puffer Protocol leverages the liquid restaking concept to enhance staking opportunities; including looking at the protocol’s key features, the benefits for users, and its governance structure. However, if you’re new to liquid restaking, you may want to give Liquid Restaking: A Primer a quick read before diving into the rest of this article below.

Liquid Restaking

What is Puffer Finance?

Puffer Finance is a liquid restaking protocol designed to enhance the staking experience on the Ethereum network and make restaking more accessible, efficient, and secure. Puffer leverages the Eigenlayer protocol to implement liquid restaking, which is a platform that enhances the security and utility of staked ETH by enabling it to be restaked across different applications and services, so-called Actively Validated Services (AVSs). EigenLayer enables these services to bootstrap security and benefit from Ethereum’s extensive security base, making the entire ecosystem more robust and resilient. Through Eigenlayer, Puffer Finance can offer users additional reward opportunities without requiring them to lock up more capital, amplifying the yield potential of staked assets all while contributing to the security and decentralisation of the Ethereum network. 

Key Features of Puffer’s Liquid Restaking

Puffers provision of liquid restaking is built on a handful of distinct features, which include permissionless access, native restaking, ethos alignment, slash protection, and the introduction of validator tickets, outlined below.

Permissionless Access

One of the most notable features of Puffer Finance is its permissionless nature, which means that anyone can become a validator on the Puffer network without needing the substantial capital investment that, for example, traditional ETH staking requires (32 ETH). 

Puffer Finance lowers these barriers and democratises access to staking opportunities, allowing users to become validators with as little as 1 ETH. By enabling more participants to engage in staking, Puffer Finance promotes decentralisation and enhances the security of the Ethereum network.

Native Liquid Restaking

Puffer Finance was the first protocol to offer native liquid restaking on Eigenlayer and enable users to earn additional rewards from restaking activities while simultaneously benefiting from ETH PoS rewards. Native restaking enhances the yield potential of staked assets by allowing them to be used to extend Ethereum security to AVSs on EigenLayer and the chance for multiple earning opportunities.

For instance, when users stake their ETH through Puffer Finance, they earn PoS rewards for securing the Ethereum network. Additionally, their staked ETH is restaked within Eigenlayer, generating further rewards by providing security and liquidity to other services and applications. 

Slash Protection

Puffer Finance introduces a first-of-its-kind anti-slashing support to safeguard validators against penalties and ensure the safety of staked assets. Puffer’s anti-slashing technology mitigates the previously mentioned slashing risks by providing robust protection against accidental or malicious slashing events.

The protocol’s slash protection mechanisms include advanced hardware solutions that prevent double-signing and other behaviours that could lead to slashing. By implementing these measures, Puffer Finance enhances the security and reliability of its validators, ensuring that stakers’ assets are well-protected.

Validator Tickets

Validator tickets are a novel concept that seeks to align the incentives of node operators (NoOps) and ensure smooth Maximal Extractable Value (MEV) distribution. The idea builds on the research on “Execution Tickets“. You can think of validator tickets (VTs) as validator time at a discounted price. In order to run validators in Puffer, node operators lock VTs in the PufferProtocol contract. Each validator consumes 1 VT per day they are active, but only after the validator has been activated on the Ethereum Beacon Chain, meaning tickets are not expiring while in the queueing process. All VT accounting is performed off-chain by the Guardians and the VT mint price is set by the PufferOracle.

When VTs are purchased:

  • a portion of the funds go to the Puffer Protocol’s treasury
  • a portion of the funds go to the Guardians to subsidise their operating costs
  • the remainder goes to the PufferVault as rewards, increasing pufETH value


These tickets enable NoOps to run validators efficiently and earn rewards. Validator tickets represent a commitment to run a validator for a specified period, aligning the interests of NoOps with those of the protocol and its stakers. By requiring NoOps to lock validator tickets along with collateral, Puffer Finance ensures that they are incentivised to maintain high performance and avoid behaviours that could lead to slashing. Validator tickets also create new trading opportunities within the protocol, possibly enhancing the liquidity and flexibility of staked assets.

Burst Threshold

Puffer Finance is committed to maintaining Ethereum’s ethos by self-capping its validator market share at 22%, a self-imposed limit that ensures that Puffer does not threaten the network’s decentralisation and credible neutrality. Instead, by capping its market share, Puffer helps maintain the integrity of the Ethereum network and promotes sustainable growth and liquid restaking while avoiding the pitfalls of centralisation.

How Puffer’s Liquid Restaking Works

Puffer operates through a series of steps facilitated by smart contracts to ensure that staked assets are managed efficiently and securely. The process involves staking and minting pufETH, NoOp registration, provisioning and operation of validators, and reward distribution, which goes as follows:

Staking and Minting pufETH

Users begin by depositing ETH into the PufferVault to mint pufETH, the native liquid restaking token of Puffer, which represents the user’s stake and entitles them to future rewards by the protocol’s activities, including validator tickets and restaking rewards.

NoOp Registration

Node operators (NoOps) register to become validators by depositing validator tickets and collateral, a that process includes the following steps:

  • Validator Tickets and Collateral: NoOps deposit a minimum of 28 validator tickets and 1 or 2 ETH as collateral to the PufferProtocol contract, depending on whether the NoOp is using the Secure-Signer (1 ETH) or not (2 ETH).

  • Guardian Verification: Guardians perform off-chain verification to confirm the validity of NoOp registrations (more on them under the Governance section below).

ETH Provisioning and Restaking Operations

NoOps play a central role in managing validators, supported by the oversight of Guardians (more on them under the Governance section below) and the technical execution of Restaking Operators. Together, they follow a series of steps to ensure validators are effectively restaked and maintained within the protocol: 

  • ETH Provisioning and Validator Allocation: The PufferVault accrues 32 ETH chunks from deposits and rewards, which are allocated to the pending validators once a NoOp’s registration has been verified by the Guardians, who authorise the transfer of 32 ETH from the PufferVault to the RestakingModule’s EigenPod, where it is used to activate the validator.
  • Validator Management: NoOps manage their validators, earning PoS rewards and ensuring high performance as they contribute to the security of EigenLayer AVSs to avoid slashing penalties.
  • Restaking Operations: Restaking Operators select which AVSs to secure on behalf of the RestakingModules and stakers that have delegated assets to them. The job of the Restaking Operator is to ensure that staked assets are utilised efficiently and securely to generate additional rewards that flow back to stakers, NoOps, and the Restaking Operators themselves.


Rewards Distribution

Puffer’s reward distribution is designed to enhance the overall yield from staked assets and ensure that all participants benefit from the protocol’s operations. PoS rewards accrue in EigenPods and require Merkle proofs for claiming. Guardians post Merkle roots periodically, enabling NoOps to claim them. Execution rewards from transaction fees and MEV are immediately credited to NoOps’ specified wallets, and NoOps have full control over their MEV strategies to optimise their execution rewards.  Restaking rewards accrue similarly and are distributed to stakers, NoOps, and RestakingOperators. Accordingly, rewards are currently distributed as follows (though this could always be changed in the future):

  • NoOps: Receive 100% of the PoS rewards, all execution rewards, as well as a portion of the restaking rewards.
  • Stakers: Earn rewards as the value of pufETH increases from the combined PoS and restaking rewards.
  • Restaking Operators: Earns a commission from the AVS fees.
  • Guardians: Earn fees to cover their operational costs and incentivise honest behaviour.
  • Puffer Protocol: Collects a portion of the fees to support its growth and provide utility for the (upcoming) governance token.


Puffer Points

Earlier this year, Puffer introduced a points system in the runup to its upcoming mainnet launch, designed to incentivise user engagement and enhance liquidity on the platform. Users can earn Puffer points through various activities on the Puffer Finance platform, and are likely to play a part in Puffer’s teased token launch (still waiting on clear confirmation). How can I earn Puffer points you ask? Easy:

  • Depositing stETH: Users earn 1,000 Puffer points for each stETH deposited.
  • Holding pufETH: Users receive 30 Puffer points per hour for holding pufETH in their wallets.
  • Participating in liquidity pools across DeFi: Puffer Finance has integrated with several DeFi platforms to broaden the opportunities for users to earn Puffer points, including Pendle, Curve, Balancer, and more, where users can boost their points accumulation up to as much as 2x.

Accumulating Puffer points is expected to play a role in Puffer’s upcoming token airdrop, and thus provides an added incentive for users to earn Puffer points now, as they could be converted into valuable tokens in the future.

Liquid Restaking Flow

The Technology Behind Puffer Finance

Puffer leverages a multi-layered architecture for its liquid restaking that integrates several smart contracts and modules to manage the staking and restaking processes efficiently. The core components of this architecture include the PufferVault, PufferProtocol, PufferModuleManager, RestakingModules, Guardian Module, and Anti-Slasher Module; each playing a key role in ensuring the protocol’s functionality, security, and decentralisation. This section provides a technical overview of Puffer, describing its architecture and the key components that enable its operation.


The PufferVault is the entry point for stakers. When users deposit ETH into the PufferVault, they receive pufETH, a native liquid restaking token (nLRT) that represents their stake and entitles them to future rewards. The PufferVault serves as a secure repository for the staked ETH and facilitates the minting of pufETH, which accrues value over time based on the protocol’s rewards.


The PufferProtocol is the central contract that coordinates the liquid restaking activities within the Puffer Finance ecosystem. It handles the registration of Node Operators (NoOps), manages the allocation of ETH for validators, oversees the distribution of rewards, and manages validator states. The protocol ensures that all operations are executed according to predefined rules and that the interests of stakers and NoOps are aligned.

NoOp Registration: Manages the registration of NoOps by requiring deposits of ETH and validator tickets.

Validator Provisioning: Coordinates the provision of 32 ETH from the PufferVault to NoOp validators upon successful registration and verification by the Guardians.

Validator State Management: Oversees accounting processes and handles the custody of validator bonds and validator tickets to ensure that stakes are securely held and that VTs are appropriately managed and accounted for.

Rewards Distribution: Distributes PoS rewards to NoOps and restaking rewards to stakers.


The PufferModuleManager acts as both a factory and a coordinator for RestakingOperator contracts, responsible for creating and managing RestakingModules which are essential for the protocol’s restaking operations. The manager ensures that the delegation and management of ETH within the restaking process are efficient and secure.

Factory Role: The PufferModuleManager creates protocol-owned RestakingModules and RestakingOperator contracts using the UUPS upgrade pattern, allowing for future upgrades.

Manager Role: It coordinates calls to the RestakingOperator contracts and controls EigenLayer-related functions on the RestakingModule contracts, giving the DAO control over the operators and AVSs.

Delegation of ETH: The PufferModuleManager delegates ETH from the RestakingModules to RestakingOperator contracts, which then manage the restaking activities.

Restaking Operations: The manager ensures that the restaking operations are carried out smoothly and that the rewards are distributed appropriately among the participants.


RestakingModules are integral to the protocol’s architecture, providing a structured approach to managing validators and restaking operations. Each module controls an EigenPod, which functions as a single native restaker but is composed of many NoOp-controlled validators. 

EigenPods: Each RestakingModule contains an EigenPod that aggregates the staked ETH and manages its restaking within Eigenlayer.

Restaking Operators: The Puffer DAO selects restaking operators who are responsible for executing AVSs on behalf of the module. Operators ensure optimal performance and security, distributing rewards among stakers, NoOps, and themselves.

Consensus and Restaking Rewards: PoS rewards accrue in EigenPods and are claimed via Merkle proofs, while restaking rewards are distributed to enhance profitability for NoOps.

Guardian Module

As already introduced, the Guardians are trusted entities responsible for verifying NoOp registrations, provisioning ETH to validators, and monitoring validator performance. They perform off-chain verifications, authorise ETH transfers, ensure validators meet protocol standards, and take necessary actions to maintain network integrity.

Verification of NoOp Registration: Guardians perform off-chain verification to confirm the validity of NoOp registrations, ensuring that all required conditions are met before provisioning.

Validator Provisioning: Once a NoOp’s registration is verified, the Guardians authorise the provisioning of the validator with 32 ETH from the PufferVault. This step ensures that the validator meets all necessary criteria and is securely funded.

Performance Monitoring: Guardians monitor validator performance and can eject validators that fail to maintain required standards or run out of Validator Tickets.

Remote Attestation: Guardians validate remote attestation evidence (RAVE) for enclave validators to ensure they are running secure environments.

Anti-Slasher Module

The Anti-Slasher Module is designed to protect stakers’ assets from slashing penalties. It leverages advanced hardware solutions, specifically the Secure-Signer (see below), which utilises Trusted Execution Environments (TEEs) like Intel SGX to prevent behaviours that could lead to slashing.

Slash Protection: The module safeguards validator keys and ensures the production of only valid signatures, preventing double-signing and other slashable offences.

Enhanced Security: By implementing robust anti-slashing measures through Secure-Signer, the Anti-Slasher Module enhances the security and reliability of Puffer Finance’s validators.

Liquid Restaking Delegation


Secure-Signer is an advanced security feature integrated within the Anti-Slasher Module to prevent slashable offences, and works roughly as follows:

Key Generation and Protection: Secure-Signer generates and protects BLS validator keys within its encrypted and tamper-proof memory. These keys remain encrypted at rest and can only be accessed during runtime to sign non-slashable block proposals or attestations.

Integrity-Protected Database: Secure-Signer maintains a database of previously signed materials, ensuring only valid signatures are produced. This prevents double-signing and other behaviours that could lead to slashing.

Slash Protection: By safeguarding validator keys and ensuring the production of only valid signatures, Secure-Signer reduces the risk of slashing, providing additional security for validators.


Remote Attestation Verification (RAVe)

RAVe is a critical component that ensures the integrity and security of Puffer Finance’s operations by allowing enclaves to securely interface with blockchains. It works closely with the Guardian Module to validate the secure environment in which validators operate.

Remote Attestation Process: RAVe verifies that a validator is running a specific SGX enclave by generating a report that includes the enclave’s measurement and the entity that built it. The Guardians validate this report using RAVe smart contracts, ensuring its authenticity and security.

High-Integrity Compute: By providing high-integrity, off-chain confidential compute, RAVe ensures that validators operate securely and their keys are protected from unauthorised access. This process is critical for maintaining the overall security of the Puffer Protocol and remains overseen by the Guardians.

Governance of Puffer Finance

Given that Puffer Finance is a recently launched protocol, it is not surprising to find its governance under development and, for now, relatively centralised—though with a noteworthy veto backstop in the hands of community representatives. Over time, the communicated ambition is to cultivate a decentralised governance model in the form of the PufferDAO to oversee protocol operations and ensure alignment with Ethereum’s ethos. The current system governance structure primarily involves three multisig wallets, a timelock and an access manager contract, each serving distinct roles in managing and securing the protocol. Let’s take a look: 

Key Smart Contracts

When it comes to governance and access control, two smart contracts in particular are worth mentioning: 

AccessManager Contract

The AccessManager contract, based on OpenZeppelin’s AccessManager module, is responsible for setting fine-grained access controls for the protocol’s functions and pausing the system in case of an emergency. Roles within the AccessManager include admin, roles for upgrading contracts and roles for managing assets.

Timelock Contract

The Puffer protocol’s timelock contract enforces a one-week delay on critical operations, such as contract upgrades and certain function calls, and is central to the governance process. The contract ensures that changes cannot be made instantaneously, providing a safeguard period during which the members of the community can review and potentially veto changes. The timelock contract acts as the owner of the AccessManager, giving it sole authority to change permissions and manage roles within the protocol.


Multisig Wallets

The protocol utilises three primary multisig wallets, each with specific responsibilities and configurations to enhance security and decentralisation:

Pauser Multisig: A 1-of-9 multisig designed to pause the Puffer contracts in emergencies, and includes active monitoring systems to promptly pause the contracts if an invariant is broken or a security issue is detected.

Operations Multisig: A 3-of-5 multisig operated by the core team, responsible for initiating important function calls and upgrades, and overseeing the protocol’s day-to-day operations. Actions initiated by this multisig must pass through the timelock, providing a 7-day delay before execution that allows the community multisig to veto any potentially harmful actions. 

Community Multisig: A 3-of-5 multisig composed of reputable Ethereum community members that have the authority to bypass the timelock delay and veto actions initiated by the operations multisig; acting as a final check to ensure the protocol’s safe evolution over time.

Members of the Community Multisig:
  1. Justin Drake: Ethereum Foundation
  2. Anthony Sassano: Daily Gwei
  3. David Hoffman: Bankless
  4. Domothy: Ethereum Foundation
  5. Ladislaus: EthStaker Community


To summarise, the AccessManager contract is controlled by the Timelock contract holding the admin role within the AccessManager. The Timelock contract is, in turn, managed by both the Operations and Community Multisigs. The current configuration of roles and access controls has been designed to prevent unauthorised access and ensure that critical operations are subject to community oversight, where the timelock and multisig setup aim to provide a balanced approach to decentralisation and security before the DAO will, as stated by the Puffer core contributors, progressively take over many responsibilities from the multisig groups as the protocol matures.

Simply Stake and Secure your assets with the Ledger wallet.


Liquid Restaking


In conclusion, Puffer Finance provides a practical and innovative solution for enhancing staking on the Ethereum network through its liquid restaking solution. By integrating liquid restaking with EigenLayer, it offers permissionless access, native restaking, and robust slash protection, along with unique validator tickets. These features collectively democratise staking, improve capital efficiency, and contribute to the network’s security and decentralisation. The governance structure, though still developing, includes community oversight to ensure alignment with Ethereum’s principles with plans to evolve into the PufferDAO. With mainnet coming soon (how soon?), Puffers are eagerly accumulating as any Puffer points as they possibly can. Will we hear anythin about a token soon? Finger crossed. In the future, the stated aim is for Puffer to launch a layer-2 on the Eigen DA that in turn can support various oracle and bridge AVSs in the future, earning extra revenue for pufETH holders.




Disclaimer: This article contains affiliate links. If you click on these links and make a purchase, we may receive a small commission at no additional cost to you. These commissions help support our work and allow us to continue providing valuable content. Thank you for your support! 


This article is provided for informational purposes only and is not intended as investment advice. Investing in cryptocurrencies carries significant risks and is highly speculative. The opinions and analyses presented do not reflect the official stance of any company or entity. We strongly advise consulting with a qualified financial professional before making any investment decisions. The author and publisher assume no liability for any actions taken based on the content of this article. Always conduct your own due diligence before investing.