diff --git a/eth/p2p/auth.nim b/eth/p2p/auth.nim
index b146d25..7249287 100644
--- a/eth/p2p/auth.nim
+++ b/eth/p2p/auth.nim
@@ -485,7 +485,7 @@ proc decodeAckMessage*(h: var Handshake, input: openarray[byte]): AuthResult[voi
 
 proc getSecrets*(
   h: Handshake, authmsg: openarray[byte],
-  ackmsg: openarray[byte]): AuthResult[ConnectionSecret] =
+  ackmsg: openarray[byte]): ConnectionSecret =
   ## Derive secrets from handshake `h` using encrypted AuthMessage `authmsg` and
   ## encrypted AckMessage `ackmsg`.
   var
@@ -549,4 +549,4 @@ proc getSecrets*(
   ctx0.clear()
   ctx1.clear()
 
-  ok(secret)
+  secret
diff --git a/eth/p2p/rlpx.nim b/eth/p2p/rlpx.nim
index 21b6201..3ca6725 100644
--- a/eth/p2p/rlpx.nim
+++ b/eth/p2p/rlpx.nim
@@ -5,6 +5,8 @@
 #   * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
+{.push raises: [Defect].}
+
 import
   std/[tables, algorithm, deques, hashes, options, typetraits],
   stew/shims/macros, chronicles, nimcrypto, chronos,
@@ -512,13 +514,14 @@ proc recvMsg*(peer: Peer): Future[tuple[msgId: int, msgData: Rlp]] {.async.} =
     await peer.disconnectAndRaise(BreachOfProtocol,
                                   "Cannot read RLPx message id")
 
-proc checkedRlpRead(peer: Peer, r: var Rlp, MsgType: type): auto =
+proc checkedRlpRead(peer: Peer, r: var Rlp, MsgType: type):
+    auto {.raises: [RlpError, Defect].} =
   when defined(release):
     return r.read(MsgType)
   else:
     try:
       return r.read(MsgType)
-    except Exception as e:
+    except rlp.RlpError as e:
       debug "Failed rlp.read",
             peer = peer,
             dataType = MsgType.name,
@@ -945,7 +948,7 @@ proc validatePubKeyInHello(msg: DevP2P.hello, pubKey: PublicKey): bool =
   let pk = PublicKey.fromRaw(msg.nodeId)
   pk.isOk and pk[] == pubKey
 
-proc checkUselessPeer(peer: Peer) =
+proc checkUselessPeer(peer: Peer) {.raises: [UselessPeerError, Defect].} =
   if peer.dispatcher.numProtocols == 0:
     # XXX: Send disconnect + UselessPeer
     raise newException(UselessPeerError, "Useless peer")
@@ -1021,8 +1024,8 @@ template `^`(arr): auto =
   arr.toOpenArray(0, `arr Len` - 1)
 
 proc initSecretState(hs: var Handshake, authMsg, ackMsg: openarray[byte],
-                     p: Peer) =
-  var secrets = hs.getSecrets(authMsg, ackMsg).tryGet()
+    p: Peer) =
+  var secrets = hs.getSecrets(authMsg, ackMsg)
   initSecretState(secrets, p.secretsState)
   burnMem(secrets)
 
diff --git a/eth/p2p/rlpx_protocols/whisper_protocol.nim b/eth/p2p/rlpx_protocols/whisper_protocol.nim
index 59ead25..6cb8a5f 100644
--- a/eth/p2p/rlpx_protocols/whisper_protocol.nim
+++ b/eth/p2p/rlpx_protocols/whisper_protocol.nim
@@ -283,7 +283,7 @@ proc run(peer: Peer) {.async, raises: [Defect].} =
     peer.processQueue()
     await sleepAsync(messageInterval)
 
-proc pruneReceived(node: EthereumNode) {.raises: [].} =
+proc pruneReceived(node: EthereumNode) {.raises: [Defect].} =
   if node.peerPool != nil: # XXX: a bit dirty to need to check for this here ...
     var whisperNet = node.protocolState(Whisper)
 
diff --git a/tests/p2p/test_auth.nim b/tests/p2p/test_auth.nim
index 95349f1..8baee82 100644
--- a/tests/p2p/test_auth.nim
+++ b/tests/p2p/test_auth.nim
@@ -312,8 +312,8 @@ suite "Ethereum P2P handshake test suite":
 
       responder.decodeAuthMessage(authm).expect("decode success")
       initiator.decodeAckMessage(ackm).expect("ack success")
-      var csecInitiator = initiator.getSecrets(authm, ackm).expect("secrets success")
-      var csecResponder = responder.getSecrets(authm, ackm).expect("secrets success")
+      var csecInitiator = initiator.getSecrets(authm, ackm)
+      var csecResponder = responder.getSecrets(authm, ackm)
       check:
         csecInitiator.aesKey == csecResponder.aesKey
         csecInitiator.macKey == csecResponder.macKey
@@ -387,8 +387,8 @@ suite "Ethereum P2P handshake test suite":
       var taes = fromHex(stripSpaces(testE8Value("auth2ack2_aes_secret")))
       var tmac = fromHex(stripSpaces(testE8Value("auth2ack2_mac_secret")))
 
-      var csecInitiator = initiator.getSecrets(m0, m1).expect("secrets")
-      var csecResponder = responder.getSecrets(m0, m1).expect("secrets")
+      var csecInitiator = initiator.getSecrets(m0, m1)
+      var csecResponder = responder.getSecrets(m0, m1)
       check:
         int(initiator.version) == 4
         int(responder.version) == 4
@@ -439,8 +439,8 @@ suite "Ethereum P2P handshake test suite":
         responder.ackMessage(rng[], m1, k1).expect("ack success")
         m1.setLen(k1)
         initiator.decodeAckMessage(m1).expect("decode success")
-        var csecInitiator = initiator.getSecrets(m0, m1).expect("secrets")
-        var csecResponder = responder.getSecrets(m0, m1).expect("secrets")
+        var csecInitiator = initiator.getSecrets(m0, m1)
+        var csecResponder = responder.getSecrets(m0, m1)
         check:
           csecInitiator.aesKey == csecResponder.aesKey
           csecInitiator.macKey == csecResponder.macKey
@@ -461,8 +461,8 @@ suite "Ethereum P2P handshake test suite":
         m1.setLen(k1)
         initiator.decodeAckMessage(m1).expect("ack success")
 
-        var csecInitiator = initiator.getSecrets(m0, m1).expect("secrets")
-        var csecResponder = responder.getSecrets(m0, m1).expect("secrets")
+        var csecInitiator = initiator.getSecrets(m0, m1)
+        var csecResponder = responder.getSecrets(m0, m1)
         check:
           csecInitiator.aesKey == csecResponder.aesKey
           csecInitiator.macKey == csecResponder.macKey
diff --git a/tests/p2p/test_crypt.nim b/tests/p2p/test_crypt.nim
index baeaafc..5baff11 100644
--- a/tests/p2p/test_crypt.nim
+++ b/tests/p2p/test_crypt.nim
@@ -118,8 +118,8 @@ suite "Ethereum RLPx encryption/decryption test suite":
     responder.decodeAuthMessage(authm).expect("success")
     initiator.decodeAckMessage(ackm).expect("success")
 
-    var csecInitiator = initiator.getSecrets(authm, ackm)[]
-    var csecResponder = responder.getSecrets(authm, ackm)[]
+    var csecInitiator = initiator.getSecrets(authm, ackm)
+    var csecResponder = responder.getSecrets(authm, ackm)
     initSecretState(csecInitiator, stateInitiator0)
     initSecretState(csecResponder, stateResponder0)
     initSecretState(csecInitiator, stateInitiator1)
@@ -184,8 +184,8 @@ suite "Ethereum RLPx encryption/decryption test suite":
     m1.setLen(k1)
     check initiator.decodeAckMessage(m1).isOk
 
-    var csecInitiator = initiator.getSecrets(m0, m1)[]
-    var csecResponder = responder.getSecrets(m0, m1)[]
+    var csecInitiator = initiator.getSecrets(m0, m1)
+    var csecResponder = responder.getSecrets(m0, m1)
     var stateInitiator: SecretState
     var stateResponder: SecretState
     var iheader, rheader: array[16, byte]