stake.link is the leading delegated liquid staking protocol for the Chainlink ecosystem, founded in 2017 by LinkPool. It operates as a decentralized, trust-minimized protocol that facilitates delegated liquid staking into Chainlink's official staking pools, managed by a consortium of 15 top-tier Chainlink Node Operators. When users deposit LINK, the protocol strategically allocates tokens across both the Community Staking Pool and the higher-yielding Node Operator Staking Pool, delivering a blended reward rate that typically exceeds what community stakers earn through native Chainlink staking alone. Users receive stLINK, a liquid receipt token that represents their staked LINK plus accrued rewards, enabling full DeFi composability while their underlying LINK continues securing the Chainlink network. The protocol is governed by the stake.link DAO through the SDL governance token.

What is stLINK and how does it work?

stLINK is the liquid staking token issued by stake.link when users deposit LINK for staking. It represents your staked LINK position plus all accrued staking rewards. stLINK operates through an automatic rebasing mechanism: approximately every two days, staking rewards are calculated and the stLINK supply increases proportionally, automatically growing your wallet balance without any manual claiming or compounding. This means your stLINK balance continuously increases over time. Unlike natively staked LINK which is locked for a minimum 28-day unbonding period, stLINK maintains full liquidity and DeFi composability — it can be transferred, traded on decentralized exchanges, used as collateral on lending protocols like Aave and Morpho, deposited into yield optimizers like Beefy, or wrapped as wstLINK for protocols that require non-rebasing tokens. Withdrawals through stake.link typically process within 1-7 days, and sometimes instantly if liquidity exists in the Priority Pool.

What is the SDL token and why should I stake it?

SDL is the governance and fee-sharing token of the stake.link protocol, serving three critical functions. First, SDL is a fee token — staking SDL returns a percentage of all protocol fees generated across the platform. These fees scale directly with the amount of LINK staked and rewards flowing through the protocol, meaning SDL stakers benefit from protocol growth. Second, SDL is a governance token that grants voting rights in stake.link DAO decisions through the governance forum at talk.stake.link, where proposals (called SLURPs) shape the protocol's future direction, fee structures, and treasury management. Third, staking SDL provides priority access to LINK staking deposits through the Priority Pool — when Chainlink's native staking capacity is full (currently capped at 45 million LINK), users with higher reSDL holdings receive preferential access to new staking capacity as it becomes available.

How does stake.link compare to native Chainlink staking?

stake.link offers significant advantages over native Chainlink staking across four key dimensions. Yield: stake.link delivers a blended APY by staking across both the Community Pool and the higher-yielding Node Operator Pool — the Node Operator pool has a fixed reward allocation that can produce substantially higher effective rates when not fully utilized, and stake.link passes this blended rate to all depositors. Liquidity: native Chainlink staking locks your LINK for a minimum 28-day unbonding period with a 7-day claim window, while stake.link issues liquid stLINK tokens that can be used immediately in DeFi (Aave, Morpho, Beefy, CowSwap) or traded on DEXs. Withdrawals: stake.link processes withdrawals in 1-7 days, sometimes instantly via the Priority Pool, versus the mandatory 28-day lockup in native staking. Auto-compounding: stLINK rewards compound automatically through rebasing approximately every two days, while native staking rewards must be manually claimed and restaked, reducing effective yield for passive stakers.

What analytics does stakedotlink.money track?

stakedotlink.money is the community-built analytics dashboard for the stake.link protocol, funded through governance proposal SLURP-60. It provides comprehensive real-time on-chain analytics including: Total Value Locked (TVL) across all staking pools with historical trend data; stLINK and SDL staking APY with breakdowns by reward source; Chainlink staking pool utilization rates and boost multipliers; DeFi integration yields tracking returns across Curve Finance, Morpho, Beefy, Folks Finance, and Uniswap; governance proposal monitoring with voting statistics; whale movement alerts tracking large staking and unstaking transactions; Priority Pool queue depth and estimated wait times; historical reward distribution data with interactive charts; and portfolio tracking when users connect their wallets. All data is sourced directly from on-chain smart contracts via the LinkPool subgraph, with Chainlink price oracles providing USD valuations — no centralized APIs or third-party data providers.

What is the Priority Pool?

The Priority Pool is a core feature of the stake.link protocol designed to provide fair and efficient access to Chainlink's native staking capacity, particularly when the official pools are full (currently capped at 45 million LINK). When maximum capacity is reached, any LINK deposited into stake.link is automatically queued in the Priority Pool. Unlike a simple first-come-first-served queue, access to available staking spots is meritocratically prioritized by your reSDL (staked SDL) holdings — users with greater commitment to the stake.link protocol receive preferential access. As soon as space opens in the Chainlink staking contracts (due to unbonding or capacity increases), the protocol automatically stakes queued LINK starting with highest-priority users. Once staked, stLINK is minted and made claimable. The Priority Pool effectively eliminates the need for users to constantly monitor staking capacity and manually time their deposits.

What is wstLINK and how is it different from stLINK?

wstLINK (wrapped stLINK) is an ERC-4626 compatible wrapper around stLINK designed for DeFi composability. The key difference is how rewards are represented: stLINK is a rebasing token — your wallet balance increases automatically every two days as rewards are distributed. wstLINK is non-rebasing — your token balance stays fixed but each wstLINK becomes worth more stLINK over time as rewards accrue. wstLINK exists because many DeFi protocols (lending markets, yield optimizers, cross-chain bridges) cannot handle rebasing tokens technically. By wrapping stLINK into wstLINK, users can supply it as collateral on Morpho, provide liquidity in the Curve wstLINK/LINK pool, deposit into Beefy yield strategies, or bridge it cross-chain — all while continuing to earn Chainlink staking rewards through the appreciating exchange rate. Converting between stLINK and wstLINK is always available at the current exchange rate with no fees.

What are the risks of liquid staking with stake.link?

stake.link, like all DeFi protocols, carries several risk categories that users should understand before depositing. Smart contract risk: the stake.link protocol contracts have been audited, but no audit eliminates all risk — a contract vulnerability could result in loss of funds. Slashing risk: Chainlink's staking system includes a slashing mechanism for malicious or poorly performing node operators; while stake.link's 15 NOPs are professionally operated, a slashing event would reduce the underlying LINK balance and stLINK value. Liquidity risk: stLINK's DeFi liquidity (on Curve, Uniswap, etc.) determines how close to 1:1 you can trade it for LINK — in periods of market stress, stLINK may trade at a discount before redemption. Withdrawal timing: redemptions through stake.link take 1-7 days and depend on available liquidity. Protocol risk: governance changes via SDL token holders could alter fee structures or protocol behavior. Chainlink staking cap risk: if the Chainlink staking cap is not increased, LINK may queue in the Priority Pool earning reduced or no rewards until capacity opens.

Which DeFi protocols support stLINK and wstLINK?

stLINK and wstLINK are integrated across multiple DeFi protocols, providing stakers with additional yield opportunities on top of base Chainlink staking rewards. Curve Finance hosts wstLINK/LINK liquidity pools on both Ethereum and Polygon, enabling deep liquidity for swaps with additional CRV and SDL incentives. Morpho offers two lending vaults where wstLINK can be used as collateral to borrow other assets, or supplied to earn lending yield. Folks Finance provides cross-chain DeFi access for wstLINK on Algorand-adjacent chains. Uniswap v3 hosts a stLINK/LINK concentrated liquidity pool for efficient small swaps. Beefy Finance offers auto-compounding yield strategies built on top of Curve positions. All live DeFi integration yields are tracked in real time on the stakedotlink.money analytics dashboard under the DeFi Integrations section.

How many node operators validate stake.link staking?

stake.link is operated by a consortium of 15 professional Chainlink Node Operator Principals (NOPs) — the same operators that run critical Chainlink oracle infrastructure securing billions of dollars in DeFi. These are not anonymous validators; they are established, professionally operated entities with reputations at stake in the Chainlink ecosystem. The 15 NOPs collectively manage LINK allocation across the Chainlink Community Pool and the higher-yielding Node Operator Pool, optimizing for the blended reward rate distributed to stLINK holders. This institutional-grade operator set is a key differentiator from other liquid staking protocols — the security model depends on the same professional infrastructure operators that Chainlink itself relies on. The full list of current NOPs and their allocation percentages is visible on the stake.link analytics dashboard.

What is reSDL and how is it different from SDL?

reSDL is a locked version of SDL represented as a non-fungible token (NFT), created when users lock their SDL tokens for a chosen duration. The key difference from SDL is compounded benefits: while SDL is the liquid governance token, reSDL provides a reward boost multiplier ranging from 1x (no lock) up to 9x (maximum lock duration), earned protocol revenue share in the form of additional stLINK rewards, enhanced voting power in governance proportional to the lock amount and duration, and priority access to LINK staking capacity through the Priority Pool. The reSDL NFT represents the locked position and can be transferred but not split — the entire locked amount moves together. When the lock period expires, users can either extend the lock to maintain their boost or withdraw back to liquid SDL. reSDL is the mechanism that aligns long-term protocol participants with protocol health — the longer and more you commit, the greater your share of protocol revenue.

Has stake.link ever been hacked?

No. Zero security incidents in 3+ years of operation with $60M+ TVL. The protocol has maintained a clean track record across all five independent audits and continuous operation.

What happens if there's a slashing event?

Impact is shared proportionally across stLINK holders — the exchange rate would decrease slightly. This has never occurred due to the 15 professional node operators with 100% uptime and $5B+ combined ETH stake backing their commitments.

How is the treasury protected?

Multi-sig addresses controlled by DAO governance. All smart contract upgrades are subject to a 24-hour timelock, giving the community time to review and react to any proposed change before it takes effect.

Where can I report a vulnerability?

Through the Immunefi bug bounty program, with payouts up to $100,000 for critical findings. Immunefi provides a structured, neutral disclosure process that protects both the reporter and the protocol.

Are the smart contracts open source?

Yes — fully open source at https://github.com/stakedotlink/contracts with all five audit reports publicly available in the audits directory. Anyone can review the code and audit history at any time.

stake.link Security: Audits, Risks, and Safeguards

Security Philosophy

stake.link was built on a foundational premise: the protocol should be as boring as possible in all the right ways. Smart contracts hold real user funds and operate continuously on a live blockchain — every deployment decision, every upgrade, and every dependency is a potential attack surface. The response has been to invest heavily upfront in multiple layers of defense rather than reacting after the fact.

That philosophy manifests in four concrete commitments: fully open-source contracts with no hidden logic, five independent audits from different firms across different points in the protocol's lifecycle, a 24-hour on-chain timelock on all upgrades, a $100,000 bug bounty on Immunefi, and Hypernative 24/7 CryptoSecOps monitoring that keeps the wider security research community actively engaged.

After 3+ years of operation and $60M+ in TVL across those years, no security incident has occurred. That track record is the most credible signal of all — but the defense-in-depth approach is what creates it, not luck.

The Five Audits

The contracts have been reviewed by five independent security firms at different stages of development. Using multiple auditors rather than one is intentional: different firms apply different methodologies, bring different threat models, and catch different categories of bugs. A finding missed by one auditor may be caught by another.

Auditor	Focus	Status
CodeHawks	Core staking contracts, early protocol architecture	Complete
Sigma Prime	Smart contract security, access control patterns	Complete
Zellic	Economic invariants, reward distribution logic	Complete
Trust Security	Protocol upgrade paths, proxy patterns	Complete
Cyfrin	Full protocol review — most recent (2024)	Complete

All five audit reports are publicly available in the audits/ directory of the open-source contracts repository at github.com/stakedotlink/contracts. Anyone can read the full findings, severity classifications, and resolution notes.

The most recent review — by Cyfrin in 2024 — covered the current production contracts. Running a fresh audit after significant protocol upgrades is standard practice for protocols that take security seriously, and the Cyfrin engagement reflects the protocol's commitment to keeping the audit coverage current rather than relying solely on older reports.

The 24-Hour Timelock

Every smart contract upgrade at stake.link is gated behind a 24-hour on-chain timelock. This means that even if a multisig signer account were compromised, an attacker could not immediately deploy malicious code — any proposed upgrade is visible on-chain for at least 24 hours before it can execute.

During that window, the community can observe the proposed change, validate it against expected protocol behavior, and take protective action if something looks wrong. This is not a soft policy — it is enforced at the contract level and cannot be bypassed even by multisig signers. The timelock contract holds execution authority and requires the delay to pass before any upgrade proceeds.

Treasury multi-sig address (6-of-8 multi-signature wallet)

0xB351EC0FEaF4B99FdFD36b484d9EC90D0422493D

DAO governance controls this 6-of-8 multi-signature wallet. All upgrades are proposed through this multi-sig and execute only after the 24-hour timelock expires.

Timelocks also protect against governance attacks. A proposal that passes through rushed or manipulated voting still cannot execute instantly — the 24-hour delay gives token holders time to respond, exit positions, or escalate concerns through community channels before a harmful change takes effect.

Bug Bounty Program

stake.link operates an active bug bounty program through Immunefi, the leading smart contract security platform. Immunefi provides a neutral third-party layer for coordinated disclosure — researchers submit findings through Immunefi's platform, which handles triage, communication, and payment processing according to a defined severity framework.

$100,000

Maximum payout for critical findings

The $100K ceiling keeps the bounty competitive for a focused protocol scope. A meaningful maximum payout signals that the protocol takes researcher incentives seriously — it is only worth hunting bugs in a codebase if the reward justifies the effort.

Bug bounties complement formal audits rather than replace them. Audits provide structured, time-bounded reviews by known firms. Bug bounties create a continuous, open-ended incentive for the global security research community to examine the contracts at any time. A vulnerability that emerges six months after an audit can still be caught and responsibly disclosed through the bounty program.

Researchers who discover valid vulnerabilities can report them at immunefi.com. All reports are handled with standard responsible disclosure practices — researchers receive credit and payment before any public disclosure.

Node Operator Security

stake.link's staking infrastructure is operated by 15 diversified professional node operators (NOPs). These are not anonymous validators — they are established infrastructure providers with long track records in Chainlink node operations and significant skin in the game across the broader staking ecosystem.

Collectively, the 15 NOPs represent $5B+ in combined Ethereum stake, a figure that reflects the operational scale and reputation each operator has built. Running Chainlink nodes requires technical sophistication, reliable uptime, and accountability to the broader oracle network — the bar for inclusion is high.

Operational record: All 15 node operators have maintained 100% uptime and zero slashing events throughout the protocol's history. Slashing in Chainlink staking penalizes operators for poor performance or malicious behavior — the absence of any slashing event reflects both the operator quality and the conservative performance standards required.

Diversification across 15 independent operators also reduces concentration risk. If one operator experiences downtime or an incident, the protocol continues operating via the remaining operators. No single operator failure can halt staking operations or materially impact user funds.

Risk Taxonomy

Honest security documentation includes a clear accounting of what can still go wrong. stake.link has mitigated many risks through design and auditing, but several categories of risk exist for any liquid staking protocol and should be understood by users before participating.

Smart Contract Risk

All funds held in the protocol are managed by smart contracts. Despite five independent audits and an active bug bounty, undiscovered vulnerabilities could theoretically exist. This is an irreducible risk in any on-chain protocol. Mitigations: open source code, multi-audit history, timelock on upgrades, continuous bounty program.

Slashing Risk

If a Chainlink node operator is slashed for underperformance or misconduct, the impact is shared proportionally across all stLINK holders — the exchange rate would decrease. This has never occurred in 3+ years. Mitigations: 15 diversified professional NOPs, each with 100% historical uptime and zero prior slashing events.

Liquidity Risk (Curve Pool)

stLINK liquidity is primarily in the Curve stLINK/LINK pool. In extreme market conditions or during a panic withdrawal scenario, pool imbalance could result in slippage when exiting large positions. Users who need immediate liquidity on large amounts should account for potential market impact.

Depeg Risk

stLINK is designed to maintain parity with LINK. However, market dynamics can temporarily push the trading price of stLINK below its underlying LINK value. This has historically been minor and corrected quickly via arbitrage, but the possibility exists during stressed conditions.

Liquidation Risk (Collateral Use)

If wstLINK is used as collateral in lending markets such as Morpho and the loan-to-value ratio approaches the liquidation threshold — due to price movements in LINK or the borrowed asset — the position may be liquidated. This is a function of how the collateral is deployed, not of the stake.link protocol itself.

These risk categories are not unique to stake.link — they apply to any liquid staking protocol. Understanding them allows users to size their positions appropriately and use the protocol in a manner consistent with their own risk tolerance.

Zero-Incident Track Record

Since launching, stake.link has processed hundreds of millions in deposit and withdrawal volume across 3+ years of continuous on-chain operation. During that time, the protocol has maintained a zero security incidents record — no hacks, no exploits, no unauthorized fund movements, no slashing events.

This is not a claim made lightly. The DeFi landscape during this period included multiple high-profile exploits affecting protocols with comparable TVL and audit histories. stake.link's clean record reflects both the quality of its security practices and the conservative, defense-in-depth approach taken from day one.

Security incidents

Slashing events

Years operating

Independent audits

It is worth noting what the analytics dashboard does and does not do from a security perspective. The stakedotlink.money analytics system is entirely read-only — it queries on-chain data and presents it visually. It holds no private keys, has no signing authority, and cannot initiate any on-chain transactions. The analytics layer cannot affect protocol security in any direction.

For users evaluating stake.link as a place to put capital to work, the combination of five audits, three years of clean operation, a live $100K bug bounty, Hypernative 24/7 monitoring, and 15 professional NOPs with zero slashing history represents one of the more thorough security postures in the Chainlink ecosystem.

stake.link Security: Audits, Risks, and Safeguards

Security Philosophy

The Five Audits

The 24-Hour Timelock

Bug Bounty Program

Node Operator Security

Risk Taxonomy

Zero-Incident Track Record

Frequently Asked Questions

Related Articles

stLINK vs wstLINK: What’s the Difference?

Liquid Staking vs Native Chainlink Staking

How to Stake LINK on stake.link (Step-by-Step)