- Lido said that LDO and stETH funds are secure but did not confirm any vulnerabilities.
- SlowMist advises LDO holders to examine the return values of the token contract transfers.
Despite hackers apparently exploiting a known security hole in Lido DAO’s token contract, Lido Finance has guaranteed that Lido DAO (LDO) and staked-Ether (stETH) tokens are secure. In response to a post by blockchain security company SlowMist on September 10, Lido said that LDO and stETH funds are secure but did not confirm any vulnerabilities.
According to SlowMist, design flaws in LDO’s token contract may enable “fake deposit” attacks on exchanges, because they allow users to conduct transactions without having the funds available. SlowMist says this code does not follow the guidelines set out by the Ethereum Request for Comment 20 (ERC-20) token standard.
Not Just Limited to LDO Token
But Lido Finance stated that the vulnerability is inherent to all ERC-20 tokens, not just the LDO token. According to SlowMist, LDO’s token contract was to blame for the “fake deposit” attacks because, when a transfer is attempted for more than the user actually holds, the contract returns false instead of reverting the transaction.
The company claims that this technique has recently been used to abuse Lido’s token contract, although no proof of this has been published on the blockchain. However, on-chain expert “Hercules” warned on September 10 that cryptocurrency exchanges could miss the security hole.
In addition to verifying the success or failure of a transaction, SlowMist advises LDO holders to examine the return values of the token contract transfers. Because token contract implementations and behaviors differ from project to project, SlowMist recommends extensive testing prior to incorporating any new tokens.
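The return-value check SlowMist recommends, modeled in Python as an added example (not code from Lido, SlowMist or the original article). The token model, the `DepositLedger` integrator and all method names are hypothetical; the hardened path also compares the balance change, which is an assumption beyond the article's advice.

```python
# Constructed model, not Lido's contract: a token whose transfer reports
# failure by returning False (as the article describes) instead of reverting.
class Revert(Exception):
    """Stands in for an EVM revert: the whole transaction fails."""

class ReturnFalseToken:
    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, owner):
        return self.balances.get(owner, 0)

    def transfer_from(self, sender, recipient, amount):
        if amount < 0 or self.balance_of(sender) < amount:
            return False  # no revert: the enclosing transaction still succeeds
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount
        return True

class DepositLedger:
    """Hypothetical integrator (exchange or vault) crediting token deposits."""
    def __init__(self, token, address="ledger"):
        self.token, self.address, self.credits = token, address, {}

    def deposit_unchecked(self, user, amount):
        # Weak: ignores the return value, so "did not revert" is read as "paid".
        self.token.transfer_from(user, self.address, amount)
        self.credits[user] = self.credits.get(user, 0) + amount

    def deposit_checked(self, user, amount):
        # Hardened: require a True return and the expected balance increase.
        before = self.token.balance_of(self.address)
        ok = self.token.transfer_from(user, self.address, amount)
        received = self.token.balance_of(self.address) - before
        if ok is not True or received != amount:
            raise Revert("transfer did not move the requested amount")
        self.credits[user] = self.credits.get(user, 0) + amount

def run_tx(action, *args):
    """Return 'success' or 'reverted', like a receipt's status field."""
    try:
        action(*args)
        return "success"
    except Revert:
        return "reverted"
```

With the unchecked path, a deposit request larger than the sender's balance ends with a "success" status and a credit on the ledger while the ledger's token balance stays unchanged; the checked path reverts the same request.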