Home » Business » Lido Finance Assures Users of the Security of LDO and stETH Tokens despite Smart Contract Vulnerability

Lido Finance Assures Users of the Security of LDO and stETH Tokens despite Smart Contract Vulnerability

The Lido Finance liquid staking protocol team has assured users that assets in LDO and stETH tokens remain secure despite the presence of a vulnerability in the smart contract.

See more

The developers have not confirmed any exploits through the bug, which was brought to the attention of SlowMist experts.

The cybersecurity firm said there was an “operational issue” in the LDO contract, which attackers have recently used to attack exchanges using “fake deposits.”

The vulnerability allows the transfer of tokens in quantities exceeding the actual assets of the user. In this case, the LDO contract does not trigger a normal transaction rollback, but simply returns “false” as a result. Experts indicated that the code differs from the ERC-20 standard.

Lido denied their claim. The developers noted that the “transfer” and “transferFrom” functions are necessary to determine the status of the transaction and are recommended for cancellation only in exceptional cases. However, the rules explicitly require the caller to check the returned status, they added.

See more

The DeFi project team intends to update the Lido token integration guide, taking into account the features of LDO.

SlowMist noted that there are many tokens on the market that differ from ERC-20 requirements. Therefore, experts recommended not relying only on the success or failure of transactions, but also on the actual values ​​returned by the contract. They emphasized the importance of a deep understanding of the code, extensive testing before integration, and regular cybersecurity audits.

At the time of writing, the total value of funds locked in the protocol at Lido is ~$14 billion, according to DeFi Call.

Recall that in July the figure exceeded $15 billion, and the team noted “impressive platform growth and market demand.”

Subscribe to ForkLog on social networks

Found an error in the text? Select it and press CTRL+ENTER

ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!


2023-09-11 09:30:05
#Lido #Finance #confirm #exploit #LDO #tokens #ForkLog

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.