Back to News

Lido Assures Community Members Of LDO And stETH Tokens’ Safety

Twitter icon  •  Published vor 7 Monaten  •  Hassan Maishera

Lido Finance has assured community members that LDO and stETH tokens remain safe despite a law in its token contract.

TL;DR

  • Lido Finance has assured community members that LDO and stETH tokens remain safe despite a flaw in the token contract.

  • Hackers reportedly exploited a known security flaw in LDO’s token contract.

LDO And stETH Tokens Remain Safe

Ethereum staking protocol Lido Finance has assured its community members that Lido DAO (LDO) and staked-Ether (stETH) tokens remain safe despite hackers reportedly exploiting a known security flaw in LDO’s token contract.

The team didn’t confirm any exploits but revealed that the security flaw was known. However, it reassured its users that LDO and stETH funds remain safe. This was in response to a tweet by blockchain security firm SlowMist on September 10th. 

According to SlowMist, LDO’s flawed token contract makes it possible for hackers to execute “fake deposit” attacks on exchanges as LDO’s token contract enables users to execute transactions even where they don’t have sufficient funds. The security expert added that this code deviates from the Ethereum Request for Comment 20 (ERC-20) token standard.

The Lido Finance team revealed that the flaw is built into all ERC-20 tokens — not just Lido’s LDO token.

However, SlowMist pointed out that the  “fake deposit” attacks were a result of LDO’s token contract executing transfers where the value is larger than what the user actually owns. This results in a false return as opposed to reverting the transaction. 

On-chain analyst “Hercules” further explained that the security flaw may not be picked up by cryptocurrency exchanges.

However, SlowMisk recommended that LDO holders should check not only the success or failure of a transaction but also the return values of the token contract transfers. 

The Lido Finance team confirmed that the LDO token integration guides will soon be updated to resolve the security flaw.

 

Author

Hassan Maishera

Hassan is a Nigeria-based financial content creator that has invested in many different blockchain projects, including Bitcoin, Ether, Stellar Lumens, Cardano, VeChain and Solana. He currently works as a financial markets and cryptocurrency writer and has contributed to a large number of the leading FX, stock and cryptocurrency blogs in the world.