Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Lido Finance, a leading Ethereum staking protocol, has acted promptly to alleviate worries regarding the security of its Lido DAO (LDO) and staked-Ether (stETH) tokens. Allegations had emerged suggesting that hackers exploited a known vulnerability in LDO’s token contract. Although Lido did not verify any specific breaches, it recognized the presence of the security issue and reassured the crypto community that LDO and stETH assets remained protected.
Blockchain security firm SlowMist highlighted these security concerns in a post dated September 10. SlowMist indicated that LDO’s defective token contract could allow malicious entities to perform “fake deposit” attacks on exchanges. This vulnerability stemmed from LDO’s token contract permitting users to execute transactions even without adequate funds, which deviates from the Ethereum Request for Comment 20 (ERC-20) token standard.
In response, Lido Finance refuted SlowMist’s assertion by stating that the identified flaw was not exclusive to LDO but was somewhat inherent to all ERC-20 tokens. SlowMist explained how “fake deposit” attacks could transpire when the token contract processed transfers with amounts exceeding the user’s actual holdings, leading to a false return rather than a transaction reversal. Despite the claims of exploitation, SlowMist did not provide on-chain evidence to substantiate its assertions.
Related Posts
Cointelegraph reached out to SlowMist for a statement but did not receive an immediate reply. Meanwhile, on-chain analyst “Hercules” suggested that cryptocurrency exchanges might struggle to detect this security vulnerability.
SlowMist recommended that LDO holders carefully examine the return values of token contract transfers in conjunction with transaction success or failure in light of the situation. They also stressed the necessity of comprehensive testing prior to the integration of new tokens, as token contract implementations can differ among projects.
Lido Finance has taken measures to tackle the issue by confirming that it will soon revise the LDO token integration guides. In this context, the project referenced the Ethereum Improvement Proposal, co-authored by Vitalik Buterin in November 2015, which states that both the “transfer” and “transferFrom” functions should return the transfer status and only revert a transaction in exceptional circumstances.
As the crypto community anticipates further updates, Lido Finance’s dedication to resolving the security flaw highlights the significance of vigilance and ongoing enhancement in the constantly changing blockchain environment.
The post Lido promises LDO, stETH Tokens Safe Despite Token Contract Flaw. appeared first on BitcoinWorld.
