| Author(s) | @abbey on behalf of Protocol Council |
|---|---|
| Created | Mon Jul 21, 2025 |
| Proposal | ELIP-005 & ELIP-006, ELIP-009 |
| Status | Approved |
This document is an official communication between the EigenLayer Protocol Council and the community. It aims to provide transparency with the EigenLayer ecosystem regarding upcoming protocol upgrades and network changes.
In this report, we present the outcome and evaluation of the Protocol Council’s review of ELIP-005: Simplification and Enhancement Of EIGEN and BackingEIGEN Token Contracts, ELIP-006: Redistributable Slashing, and ELIP-009: MOOCOW: Massively Optimized Operations for Consolidation and Withdrawals.
What’s Redistributable Slashing?
Slashing (ELIP-002) is a key piece of EigenLayer’s vision; it enables enforcement of crypto-economic commitments made by Service builders to their consumers and users. When leveraging slashing on EigenLayer today, security funds are always burned or locked when penalizing Operators. This creates a challenge for builders of use-cases that involve lending, insurance, risk hedging, or, broadly, commitments with a need to compensate harmed parties or amortize risk.
Redistributable Slashing is a feature that gives Service Builders a means to not just burn, but repurpose slashed funds. Redistribution represents an expansion of the types of use-cases builders can launch on EigenLayer, by expanding the expressivity of slashing on the platform. A new type of Operator Set with strict configuration controls allows for specifying a redistribution recipient by the AVS that receives slashed funds. This new feature requires, and is shipped with, adjustments to the EigenLayer security model and stake guarantees for AVSs to support this new slashing paradigm.
ELIP(s) Overview
ELIP-005
Author(s): Bowen Li (Eigen Labs), Jeff Commons (Eigen Foundation)
The current implementation of EIGEN and BackingEIGEN (aka bEIGEN) token contracts includes several features that are no longer necessary or could be optimized:
- Transfer restrictions were initially implemented for the token launch phase but are no longer needed for normal operations.
- Minting functionality is currently split between contracts, creating unnecessary complexity.
- Token wrapping operations lack observability, making it harder to track and monitor these important operations.
These issues increase contract complexity and decrease maintainability, inflate gas costs, and make it harder to monitor token operations effectively.
This proposal aims to simplify the EIGEN and BackingEIGEN token contracts by removing deprecated transfer restrictions, consolidating minting functionality, and enhancing event logging for token wrapping operations.
These changes will improve contract maintainability, reduce gas costs, and provide better transparency and legibility for token operations.
ELIP-006
Author(s): Matt Nelson, 0xClandestine
ELIP-006 introduces minimal changes to the core protocol to implement redistributable slashing…
- to create a new type of Redistributable Operator Set,
- to handle a
redistributionRecipient, that replaces the burn address whenclearBurnOrRedistributableSharesis called to transfer funds out of the protocol, - to better decorate each slash with an identifier (
slashId) that helps in downstream programmatic redistribution and accounting.
These changes are externally facing in the AllocationManager interface. This is accompanied by changes to the storage of the AllocationManager as well. Internally, we have modified the ShareManager and StrategyManager interfaces, as well as some storage and internal logic.
ELIP-009
Author(s): Matt Nelson, Alex Wade, Matt Curtis (all Eigen Labs)
MOOCOW (Massively Optimized Operations - Consolidation and Withdrawals) is the latest EigenPod upgrade that leverages new Ethereum Pectra features to improve usability and dramatically reduce gas costs for native ETH restakers.
This upgrade introduces support for validator consolidation, providing up to 64x reduction in proof size and gas costs for restakers with multiple validators. Operators may convert existing validators to compounding 0x02 credentials, allowing Ethereum consensus layer rewards to compound directly without any user intervention or network fees.
In addition, MOOCOW provides support for execution layer triggerable validator withdrawals. This feature solidifies the EigenPod owner’s control over validator assets, opening new opportunities in staker-operator relationships. This feature is also crucial to and forwards-compatible with the planned implementation of redistribution for native ETH (See ELIP-006).
MOOCOW is fully backwards-compatible with existing EigenPod interfaces and the PEPE checkpoint proof system. The upgrade adds four new methods to EigenPods and enhances existing event systems without altering any existing method ABIs, making it completely opt-in for current integrations.
Council Evaluation
The Protocol Council unanimously approves ELIP-005, ELIP-006, and ELIP-009 for execution. All five Council members plan on voting in favor of all three ELIPs. The Protocol Council agrees that all they meet the following criteria:
-
The proposal has been thoroughly audited by a qualified team, with all reported issues of medium or higher severity either resolved or acknowledged.
-
The proposal has undergone comprehensive testing.
-
An operational plan, including automated testing and safety checks (e.g., Forge scripts), is in place.
-
The proposal advances the protocol and responsibly supports the growth of the EigenLayer ecosystem
-
The impact of the proposal has been fully and transparently considered by and communicated to relevant ecosystem stakeholders.
-
The proposal minimizes complexity, encapsulates new features as much as possible, and maintains credible neutrality.
-
The proposal does not compromise the overall security or reliability of the protocol.
-
The proposal has adhered to the established protocol governance process.
-
The development of the proposal has been conducted transparently alongside the broader EigenLayer ecosystem.
ELIP-005
ELIP-005 introduces minimal, well-justified changes that simplify the EIGEN and BackingEIGEN token contracts by removing deprecated minting logic, lifting outdated transfer restrictions, and adding helpful event logging. These changes improve gas efficiency, code maintainability, and overall developer experience. While one council member noted a potential conflict of interest as a coauthor, the technical impact is considered low-risk and largely amounts to overdue cleanup. Communication around the proposal has been limited but deemed sufficient given the scope and stability of the changes.
ELIP-006
ELIP-006 introduces Redistributable Slashing, allowing AVSs to redirect slashed funds to custom recipients (e.g. insurance pools or restitution mechanisms) instead of burning them—a shift that significantly alters the protocol’s threat model and increases slashing risk for stakers. While this enhances protocol expressivity and unlocks new use cases, it demands careful risk communication and UI clarity to ensure stakers understand and can manage these new trade-offs.
The proposal is well-designed with strong safeguards: OperatorSets must be designated as redistributable at creation, slashed fund recipients are immutable, and the redistribution process is isolated from the slashing function to prevent reverts. Protocol Council members commended the team’s fuzzing work, particularly around rounding precision, and noted that previous griefing vectors could now be exploited for gain, making security scrutiny critical. Although most changes are internal and backward-compatible, some integration points (like the modified slashOperator return type) may affect external systems.
There is broad consensus that the ELIP is thoughtfully constructed and supports long-term protocol growth, but several reviewers stressed the need for enhanced staker tooling, UI warnings, and public discourse to mitigate systemic and informational risks. This is widely seen as the most consequential ELIP to date—“scary but necessary”—and is approved with strong encouragement to continue investing in staker risk management infrastructure.
ELIP-009
ELIP-009 (“MOOCOW”) introduces key enhancements that align EigenLayer with Ethereum’s Pectra upgrade, most notably by integrating EIP-7002 (execution-layer-triggerable withdrawals) and EIP-7251 (MaxEB). The proposal enables validator consolidation within EigenPods, reduces proof size and gas costs, and improves validator lifecycle management—streamlining exits and lowering operational overhead. These upgrades are backward-compatible and enhance overall protocol ergonomics, positioning EigenLayer to support more advanced AVS use cases. The passthrough of Ethereum functionality is well-designed with sensible access controls, and the team’s UX implementation has been praised, particularly their decision to refund excess predeploy fees to users. While most user risks stem from the underlying Ethereum EIPs rather than EigenLayer itself, reviewers flagged edge cases like partial validator withdrawals (<32 ETH) and the continued need for external tooling (e.g. beaconcha.in) to monitor validator status. One concern raised was the opaqueness between execution and consensus layers, and the potential for oracles to improve this interface without increasing protocol complexity. Additionally, reviewers encouraged more public discussion and tooling support—especially around the EigenPod CLI. Overall, the proposal is seen as technically sound, strategically aligned, and well-executed, earning broad support from the Protocol Council.
—
All council members emphasized the importance of clear communication and robust educational efforts for stakers, given the elevated slashing risk introduced by redistributable slashing. As this feature alters the protocol’s slashing path and introduces a new risk/reward trade-off, it is critical that stakers understand the implications of opting into redistributable Operator Sets. Council members specifically called for comprehensive documentation, explicit UI cues (such as segregating redistributable sets and adding in-dashboard banners), and ongoing educational campaigns to ensure stakers can make informed decisions and properly assess their risk exposure. That being said, with the change to the stakers’ risk profile, the EigenLayer team should also consider creating a more robust set of tools for stakers to actively monitor and manage their risk.
Some council members noted a desire for more public discussion around validator support tooling—particularly the EigenPod CLI tool—and encouraged greater visibility of these conversations in the public forum to foster broader community engagement. While communication around proposals like ELIP-005 has been lighter, this was deemed acceptable due to the non-controversial nature of the changes and the proposal’s long-standing public availability.
Overall, the proposals were viewed as having been developed transparently with sufficient visibility across the ecosystem. Stakeholders—including operators, delegates, and AVSs—have had ample opportunity to review the proposals, and unique risks are expected to be clearly surfaced through first-party UI updates. The proposals strike a reasonable balance between expanding protocol expressiveness and managing complexity, with careful attention paid to risk mitigation, user legibility, and responsible protocol growth. All three ELIPs have undergone adequate testing, security audits (completed or in-progress), and adhere to the pre-established governance process. While new features inevitably increase complexity, council members appreciated efforts to contain this and expressed support for future simplification—particularly to benefit operator usability.
Additional Notes
- We believe there is still room to improve our review and evaluation processes to better align with industry best practices. All improvements to Protocol Council processes will be discussed and disclosed on forum.eigenlayer.xyz.