Lido Finance Assures Safety of LDO and stETH Funds Amidst Security Flaw


Posted 10 months ago in Security



Ethereum staking protocol Lido Finance has reassured its users that their LDO and stETH funds are safe, despite a known security flaw in Lido DAO's token contract. The flaw, known as the 'fake deposit' attack, allows bad actors to execute transfers where the requested value is larger than the user's actual funds. Although Lido Finance acknowledged the security flaw, they emphasized that it is not exclusive to Lido's LDO token, but rather a common behavior among ERC-20 tokens. They have pledged to update their token integration guides to make this flaw more visible.

The blockchain security firm SlowMist first reported the vulnerability and warned that it could enable malicious users to perform fake deposit attacks on exchanges. According to SlowMist, the flawed token contract deviates from the Ethereum Request for Comments 20 (ERC-20) token standard. The attacks involve executing a transfer for a higher value than the user owns, in which case the contract returns false instead of reverting the transaction.

While SlowMist claimed that Lido's token contract had been exploited through this attack, no on-chain evidence was provided. However, cybersecurity analysts advise LDO holders to verify the return values of token contract transfers to ensure transaction success. SlowMist also recommends conducting comprehensive testing before integrating new tokens due to variations in token contract implementations and behaviors across projects.
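The difference between ignoring and checking a transfer's return value can be shown with a small model. This Python sketch is an added example, not Lido's or SlowMist's code: `ReturnFalseToken` is a constructed stand-in for a token that returns false instead of reverting, and `Integrator`, the wallet names and the balances are hypothetical.

```python
from dataclasses import dataclass, field

class DepositFailed(Exception):
    """Raised when the token did not actually move the requested amount."""

@dataclass
class ReturnFalseToken:
    """Constructed token model: returns False on insufficient balance, never raises."""
    balances: dict = field(default_factory=dict)

    def balance_of(self, owner):
        return self.balances.get(owner, 0)

    def transfer_from(self, sender, recipient, amount):
        if self.balance_of(sender) < amount:
            return False  # the call itself completes; only the return value signals failure
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount
        return True

@dataclass
class Integrator:
    """Hypothetical deposit handler keeping an internal ledger of credited funds."""
    token: ReturnFalseToken
    wallet: str
    ledger: dict = field(default_factory=dict)

    def deposit_unchecked(self, user, amount):
        self.token.transfer_from(user, self.wallet, amount)  # return value ignored
        self.ledger[user] = self.ledger.get(user, 0) + amount

    def deposit_checked(self, user, amount):
        before = self.token.balance_of(self.wallet)
        ok = self.token.transfer_from(user, self.wallet, amount)
        received = self.token.balance_of(self.wallet) - before
        if not ok or received != amount:  # check the return value and the balance delta
            raise DepositFailed(f"{user}: requested {amount}, received {received}")
        self.ledger[user] = self.ledger.get(user, 0) + amount

def run_demo():
    token = ReturnFalseToken({"alice": 100})  # constructed balance
    naive, strict = Integrator(token, "naive-wallet"), Integrator(token, "strict-wallet")
    naive.deposit_unchecked("alice", 1_000)  # alice holds only 100
    try:
        strict.deposit_checked("alice", 1_000)
        rejected = False
    except DepositFailed:
        rejected = True
    strict.deposit_checked("alice", 60)  # a genuine deposit still goes through
    return naive, strict, token, rejected

if __name__ == "__main__":
    print(run_demo())
```

The unchecked handler ends with a ledger entry that no tokens back, while the checked handler rejects the same request and credits only the transfer that really happened.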

Lido Finance has addressed the security flaw by confirming that they will update their LDO token integration guides promptly. The protocol aims to maintain the safety of LDO and stETH funds while increasing awareness of this vulnerability in the ERC-20 token ecosystem.

Last updated 9/10/2023, 9:34:29 PM

