1. BITBILIHome
  2. Article

Lido Finance reassures investors amid security flaw concerns in LDO token contract

53 views

TL;DR Breakdown

  • Lido Finance acknowledges a security flaw in its LDO token but assures tokens are secure.
  • SlowMist identifies the flaw, which allows transactions without sufficient funds. Lido Finance argues the issue is common to all ERC-20 tokens.

Description

Ethereum staking protocol Lido Finance has publicly acknowledged a known security flaw in its LDO token contract. The announcement came in response to a September 10 post by blockchain security firm SlowMist, which highlighted the vulnerability that could potentially enable “fake deposit” attacks on cryptocurrency exchanges, Cryptopolitan reported.  Despite the concerns, Lido Finance reassured investors … Read more

Ethereum staking protocol Lido Finance has publicly acknowledged a known security flaw in its LDO token contract. The announcement came in response to a September 10 post by blockchain security firm SlowMist, which highlighted the vulnerability that could potentially enable “fake deposit” attacks on cryptocurrency exchanges, Cryptopolitan reported

Despite the concerns, Lido Finance reassured investors that both Lido DAO LDO and staked-Ether (stETH) tokens remain secure.

Lido Finance counters SlowMist’s allegations

SlowMist’s analysis revealed that the flaw in the LDO token contract allows users to execute transactions even when they lack sufficient funds. This deviation from the Ethereum Request for Comment 20 (ERC-20) token standard could facilitate unauthorized transactions. SlowMist also claimed that the token contract had recently been exploited through this vulnerability, although no on-chain evidence was provided to substantiate the claim.

Lido Finance countered SlowMist’s allegations by citing the official Ethereum Improvement Proposal document, co-authored by Ethereum founder Vitalik Buterin. The document states that “both the “transfer” and “transferFrom” functions must return the transfer status and are only recommended to revert a transaction in exceptional cases.” Lido Finance argued that the flaw is inherent in all ERC-20 tokens, not just in Lido’s LDO token.

SlowMist has advised LDO token holders to check the return values of token contract transfers in addition to monitoring the success or failure of a transaction.

To mitigate the security risk, Lido Finance also confirmed that updates to the LDO token integration guides are imminent. The company said it is taking proactive steps to address any security flaws.

According to data from DeFiLlama, the total value locked (TVL) in Lido stands at over $14 billion as of September 11. It’s worth noting that LDO, an ERC20 governance token, is leveraged for voting on improvement proposals in the Lido DAO.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:Lido Finance reassures investors amid security flaw concerns in LDO token contract

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年9月12日 00:41
Next 2023年9月12日 01:54

Related articles

  • HashKey Group seeks $100-$200 million in funding to fuel crypto expansion

    TL;DR Breakdown   The company aims to leverage Hong Kong’s focus on digital asset development and capitalize on emerging opportunities in the market. HashKey is considering a fundraising round ranging from $100 million to $200 million, but the specific details are subject to change until finalized. HashKey plans to introduce a regulated exchange in the second quarter of this year. HashKey Group, a Hong Kong-based company focused on cryptocurrencies, is engaged in preliminary discussions to raise funds in a potential funding round. The objective of this round is to achieve a valuation exceeding $1 billion, aligning with the company’s aspirations. This strategic move is driven by HashKey Group’s intent to leverage Hong Kong’s increasing focus on digital asset development and capitalize on emerging opportunities in the market. Sources familiar with the matter indicate that Hashkey is contemplating a fundraising round ranging from $100 million to $200 million. However, it is important to note that transaction specifics, including the precise amount and valuation, may undergo alterations as they need to be finalized. Hashkey’s consideration of raising substantial capital underscores their intent…

    Article 2023年5月20日

  • Apple swiftly purges fake Trezor app from App Store

    TL;DR Breakdown Apple has removed a fraudulent app posing as the cryptocurrency hardware wallet Trezor from its App Store. The scam app, “Trezor Wallet Suite,” was exposed by Rafael Yakobi, a managing partner at Crypto Lawyers. Despite Apple’s immediate action, another potential rogue app, “MyTREZŌR Suite: One Edition,” was found in the App Store. Description In a response to an emergent security threat, Apple Inc., the technology behemoth, has removed a fraudulent application posing as Trezor, a reputed cryptocurrency hardware wallet, from its App Store. Despite this prompt action, investigations reveal that other counterfeit apps are still at large within the digital platform. Apple’s quick trigger action against fraudulent apps … Read more In a response to an emergent security threat, Apple Inc., the technology behemoth, has removed a fraudulent application posing as Trezor, a reputed cryptocurrency hardware wallet, from its App Store. Despite this prompt action, investigations reveal that other counterfeit apps are still at large within the digital platform. Apple’s quick trigger action against fraudulent apps Rafael Yakobi, the managing partner at Crypto Lawyers, first spotlighted the issue…

    Article 2023年6月23日

  • Former Binance payment partner Cuscal imposes new restrictions on Australian exchanges

    TL;DR Breakdown Cuscal, an Australian payment provider, has announced new banking restrictions on crypto exchanges Blockchain Australia has criticized the move, highlighting their stance on advocating for secure digital transactions and preserving users’ freedom. Description Cuscal, an Australian payment provider that recently cut ties with Binance, has announced new banking restrictions for the remaining digital currency exchanges on its platform through its partner Zepto. Blockchain Australia, the country’s industry body, released a statement criticizing the move, adding that though it supports efforts to secure digital transactions, Australians should be able … Read more Cuscal, an Australian payment provider that recently cut ties with Binance, has announced new banking restrictions for the remaining digital currency exchanges on its platform through its partner Zepto. Blockchain Australia, the country’s industry body, released a statement criticizing the move, adding that though it supports efforts to secure digital transactions, Australians should be able to spend their money “without undue restrictions.” Cuscal new restrictions on crypto Cuscal recently circulated a “survey” titled Zepto Compliance Survey for Digital Currency Exchanges (DCE), in which the company highlighted several…

    Article 2023年6月23日

  • The menace of Twitter bots: A threat to crypto marketing strategies

    TL;DR Breakdown According to a research report, Twitter bots could distort perceptions of a crypto’s popularity, creating artificial highs in social media engagement and misleading potential investors. Cryptos with abnormally high engagement coefficients, which could be inflated by bot activity, have been found to yield low returns, frequently after a brief spike. The implementation of multi-faceted solutions is necessary to address the challenges posed by Twitter bots. Description Twitter bots have attained notoriety within the crypto industry. Now, two Yale researchers believe they know how to trade more profitably by leveraging phony engagement. In recent years, the crypto industry has witnessed exponential growth and widespread adoption. As this digital revolution gains momentum, marketing strategies have become paramount in ensuring success for crypto projects.  … Read more Twitter bots have attained notoriety within the crypto industry. Now, two Yale researchers believe they know how to trade more profitably by leveraging phony engagement. In recent years, the crypto industry has witnessed exponential growth and widespread adoption. As this digital revolution gains momentum, marketing strategies have become paramount in ensuring success for crypto…

    Article 2023年6月26日

  • North Korea’s Lazarus Group suspected in $55 million CoinEx hack

    TL;DR Breakdown North Korea’s Lazarus Group is suspected to be behind the recent $55 million hack of cryptocurrency exchange CoinEx, according to blockchain security firm SlowMist and on-chain investigator ZachXBT. The hack has raised concerns about the vulnerabilities in the crypto ecosystem, adding to nearly $1 billion lost to cyber exploits since January 2023, as reported by cybersecurity firm CertiK. CoinEx has temporarily halted deposits and withdrawals and assured full compensation to affected users, highlighting the need for more robust security measures in the crypto industry. Description In a startling revelation, North Korea’s Lazarus Group is believed to be the mastermind behind the recent $55 million hack of cryptocurrency exchange CoinEx. The suspicion was confirmed by blockchain security firm SlowMist and on-chain investigator ZachXBT, who found a link between the CoinEx hack and a previous attack on betting platform Stake.com. Both attacks … Read more In a startling revelation, North Korea’s Lazarus Group is believed to be the mastermind behind the recent $55 million hack of cryptocurrency exchange CoinEx. The suspicion was confirmed by blockchain security firm SlowMist and on-chain…

    Article 2023年9月14日
TOP