The firm behind the recent success story, where $350M in damages were prevented from hitting the Avalanche blockchain, has released an in-depth audit report of the popular Ethereum liquidity staking solution, Lido.
The report has ultimately given Lido an all-clear signal, noting that no significant vulnerabilities were discovered. Here is what newcomer blockchain auditing firm Statemind did find in their Lido report.
Lido Tasks Statemind With Keeping Billions At Stake Secure
Lido is designed to provide liquidity for staked assets with daily rewards and no lock up periods. Lido staking solutions are available for Ethereum, Solana, Polygon, Terra, Kusama, and Polkadot. Without solutions like Lido, staking Ethereum, for example, requires locking up as much as 32 ETH for many years without being able to use or sell the tokens. When staking Lido you mint staked tokens which are issued 1:1 to your initial stake. With Lido, your staked tokens can be used across the DeFi ecosystem as collateral, for lending, yield farming, and more.
As Lido expands its stronghold over liquid crypto staking solutions, the need for the underlying code to be squeaky clean and without any potential complications becomes imperative. Billions of dollars in value are at stake across millions of users. Lido has tasked blockchain auditing firm Statemind with reviewing its code and ensuring no critical vulnerabilities exist — and if they do, snuff them out before they become an issue.
Statemind Makes Huge Splash At Launch, Saving Avalanche $350M
Statemind did just this but outside of its regular clientele, while simultaneously making a huge splash across the cryptocurrency development community. A proactive review of several top blockchains revealed that Avalanche and associated chains were exposed to a critical vulnerability. Estimated damages top over $350M that Statemind was able to save.
In the more reactive Lido research prompted by the client themselves, Statemind, fortunately, discovered zero critical, high, or medium-severity bugs. Only informational bugs were found, which are easily patched and pose no threat, said Statemind.
New Audit Report
Statemind has completed a full Audit of @LidoFinance MEV-boost relay allowlist.
No Critical Vulnerabilities Found
Read our full report here: https://t.co/GthoW7Osd7
— Statemind (@statemindio) September 21, 2022
The Results And Recommendations Of The Lido Audit Report
Statemind further outlined the results of the MEV-Boost relay allowlist project and Lido audit in a nine-page report. According to the report, the on-chain relay allowlist is “used by Node Operators participating in the Lido protocol after the ETH Merge to extract MEV.” Node Operators use the contract to ensure up-to-date software configuration at all times.
“Key recommendations involve checking the number of relays right after the msg.sender check, removing the zero address check for msg.sender, checking if the token address is a contract in the function _safe_erc20_transfer, and utilizing mapping that maps URI to index of relay in the array,” Statemind explained in a blog post.
What You Need To Know About Statemind Blockchain Safety Audits
Lido is just one of many of Statemind’s clients, which also include 1INCH and Yearn.Finance. In addition to finding a critical vulnerability in Avalanche, Statemind also just announced the discovery of a two-year-old exploit in Andre Cronje’s latest project, Keep3r Network.
Statemind is a brand new blockchain security auditing firm with over 100,000 LoC of Solidity and Vyper experience combined. Thus far, Statemind audits have secured over $10B in TVL, and the examples above have only added to this rapidly-growing number. To learn more, visit Statemind.io.