Despite Recent Security Issues, Lido Assures the Safety of LDO and stETH Tokens

Lido Finance has publicly stated that its Lido DAO (LDO) and staked-Ether (stETH) tokens are secure despite a security vulnerability in LDO's token contract. The assurance comes in response to concerns raised by blockchain security firm SlowMist.

Reacting to a September 10th post from SlowMist, Lido Finance acknowledged the security vulnerability but emphasized that all LDO and stETH assets remain untouched.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Polygon in Crypto? (Animated Explainer)

SUBSCRIBE

ON YOUTUBE

SlowMist had reported that Lido’s token contract allows for “fake deposit” attacks on crypto exchanges. It is because the contract enables transactions to proceed even when users lack the required funds, a condition that does not conform to the Ethereum Request for Comment 20 (ERC-20) token standard.

Contrary to SlowMist's report, Lido Finance asserted that the flaw exists in all ERC-20 tokens, not solely in LDO tokens.

The security firm indicated that the “fake deposit” issue arises when transfers are executed for amounts larger than the user actually possesses, which results in a false return rather than reversing the transaction. Although SlowMist claimed that Lido's token contract had been recently exploited, it did not provide any on-chain evidence to substantiate the allegation.

On-chain analyst Hercules also weighed in, suggesting that cryptocurrency exchanges might not detect the security flaw. SlowMist further advised LDO holders to be vigilant and check the return values of their token contract transfers, not just the transaction's success or failure.

Lido Finance pointed out that the official Ethereum Improvement Proposal document, co-authored by Vitalik Buterin in 2015, specifies that both “transfer” and “transferFrom” functions are only recommended to revert transactions in exceptional situations. Lido also confirmed that they will soon update the LDO token integration guides to address this issue.

Although SlowMist raised alarm bells about potential security risks, Lido Finance has assured the cryptocurrency community that LDO and stETH tokens remain safe. Meanwhile, the incident serves as a reminder to the broader community about the need for thorough vetting and testing of token contracts.

Gile K., Market Sentiment Analyst

Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.

Full Bio

All Expert Contributors & Analysts