Lido Finance promptly addresses issues linked to its token contracts.
Lido Finance has publicly stated that its Lido DAO (LDO) and staked-Ether (stETH) tokens are secure despite a security vulnerability in LDO's token contract. The assurance comes in response to concerns raised by blockchain security firm SlowMist.
Reacting to a September 10th post from SlowMist, Lido Finance acknowledged the security vulnerability but emphasized that all LDO and stETH assets remain untouched.
SlowMist had reported that Lido’s token contract allows for “fake deposit” attacks on crypto exchanges. This is because the contract lets transactions proceed even when users lack the required funds, which does not conform to the Ethereum Request for Comment 20 (ERC-20) token standard.
Contrary to SlowMist's report, Lido Finance asserted that the flaw exists in all ERC-20 tokens, not solely in LDO tokens.
The security firm indicated that the “fake deposit” issue arises when a transfer is executed for an amount larger than the user actually possesses: the contract returns false rather than reverting the transaction. Although SlowMist claimed that Lido's token contract had been recently exploited, it did not provide any on-chain evidence to substantiate the allegation.
On-chain analyst Hercules also weighed in, suggesting that cryptocurrency exchanges might not detect the security flaw. SlowMist further advised LDO holders to be vigilant and check the return values of their token contract transfers, not just the transaction's success or failure.
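The check SlowMist recommends, seen from an exchange's deposit processor, as an added example that is not code from Lido, SlowMist or the article: crediting on transaction status alone is compared with crediting only what the token's own Transfer logs show arriving at the deposit address. The addresses and receipts are constructed, and the example assumes a transfer that returns false emits no Transfer event.

```python
# ERC-20 Transfer(address,address,uint256) event signature hash (topic 0).
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real accounts or contracts.
TOKEN, DEPOSIT, SENDER, OTHER = ("0x" + b * 20 for b in ("11", "22", "33", "44"))

def pad(addr):
    """Left-pad a 20-byte address to a 32-byte topic."""
    return "0x" + "0" * 24 + addr[2:]

def transfer_log(emitter, sender, to, value):
    """Build a constructed Transfer log in eth_getTransactionReceipt shape."""
    return {"address": emitter,
            "topics": [TRANSFER_TOPIC, pad(sender), pad(to)],
            "data": "0x" + format(value, "064x")}

# Constructed receipts. Assumption: a transfer that returns false emits no
# Transfer event, so the receipt shows success with an empty log list.
RETURNED_FALSE = {"status": "0x1", "logs": []}
REAL_DEPOSIT = {"status": "0x1", "logs": [transfer_log(TOKEN, SENDER, DEPOSIT, 500)]}
WRONG_EMITTER = {"status": "0x1", "logs": [transfer_log(OTHER, SENDER, DEPOSIT, 500)]}

def naive_credit(receipt, claimed_amount):
    """Flawed: trusts the call-data amount whenever the transaction succeeded."""
    return claimed_amount if receipt["status"] == "0x1" else 0

def verified_credit(receipt, token, deposit_address):
    """Credit only what Transfer logs emitted by `token` moved to our address."""
    if receipt["status"] != "0x1":
        return 0
    total = 0
    for log in receipt["logs"]:
        topics = [t.lower() for t in log["topics"]]
        if log["address"].lower() != token.lower():
            continue  # event came from some other contract
        if len(topics) != 3 or topics[0] != TRANSFER_TOPIC:
            continue  # not an ERC-20 Transfer event
        if "0x" + topics[2][-40:] != deposit_address.lower():
            continue  # tokens went to someone else
        total += int(log["data"], 16)
    return total

if __name__ == "__main__":
    print(naive_credit(RETURNED_FALSE, 10**18))
    print(verified_credit(RETURNED_FALSE, TOKEN, DEPOSIT))
    print(verified_credit(REAL_DEPOSIT, TOKEN, DEPOSIT))
```
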
Lido Finance pointed out that the official Ethereum Improvement Proposal document, co-authored by Vitalik Buterin in 2015, specifies that both “transfer” and “transferFrom” functions are only recommended to revert transactions in exceptional situations. Lido also confirmed that they will soon update the LDO token integration guides to address this issue.
Although SlowMist raised alarm bells about potential security risks, Lido Finance has assured the cryptocurrency community that LDO and stETH tokens remain safe. Meanwhile, the incident serves as a reminder to the broader community about the need for thorough vetting and testing of token contracts.