Oxorio And Its Comprehensive Audit For Lido V2: What Was Found

Oxorio has completed a thorough and independent audit of Lido, a decentralized staking and liquid staking solution. The audit report, accessible for public review, highlights all the issues detected by Oxorio to ensure the integrity and security of Lido's smart contracts and underlying infrastructure of its V2 upgrade. So, what was found during the last check, and why was it so important for Lido? Check out the results and extra methods implemented with the audit.

Enhancing Security and Reliability of Lido's unstaking mechanism

With the launch of the most anticipated solution in the crypto community, Lido is marking a milestone in the Ethereum network's evolution. At the forefront of this transformative movement that widens opportunities for the community stands Lido, a leading platform in the liquid staking sector.  Among all the long-awaited options like staking router, the second update of the protocol was provided by seamless unstaking. It allows Ethereum stakers to withdraw their stETH (staked Ethereum) and wstETH (wrapped staked Ethereum) seamlessly and directly in the Lido V2 protocol.

Implementing a withdrawal mechanism was a technically intricate and crucial task for the Lido team. The potential for mistakes, which could lead to the loss of users' funds and ruin their reputation, was a significant concern for the team behind the project.

Recognizing this responsibility, Lido undertook serious preparations before unveiling the new version of their protocol.The company has invested a lot of energy in security issues and conducted 7 independent audits to ensure the utmost security and reliability.

The significance of this audit extends beyond Lido itself. As a prominent player in the crypto industry, Lido sets a high level for other protocols and projects. By undergoing a comprehensive audit, Lido demonstrates a commitment to best practices and security standards. This sets a positive example for the broader crypto community, influencing other projects to prioritize similar security assessments to enhance the overall safety and reliability of the crypto ecosystem.

The final touch of the audit was made by Oxorio

Oxorio was also chosen as one of the trusted partners and was involved during the final stages of the audit, where the focus shifted to detecting any remaining but still crucial errors.

Auditing smart contracts was not the only thing to examine. Oxorio went above and beyond by checking the off-chain components, an aspect often overlooked by many protocols, despite its importance. This comprehensive approach ensures that the entire system functions correctly and minimizes any potential vulnerabilities or exploits. By conducting a thorough assessment, Oxorio helps to establish trust and confidence in Lido's unstaking mechanism. Oxorio's expertise in blockchain security adds an extra layer of assurance to Lido's community, enhancing confidence among users, partners, and stakeholders.

From Code Analysis to Vulnerability Checks of Off and On-chain components

Oxorio's team of highly skilled blockchain security experts utilized top-notch and rigorous methodologies and comprehensive testing scenarios to evaluate the security and reliability of Lido's ecosystem. By employing industry-leading best practices, Oxorio's auditors thoroughly scrutinized Lido's smart contracts, including its staking pool and reward distribution mechanisms. Oxorio followed a meticulous security assessment methodology, which consisted of several key steps.

A comprehensive review of the project's architecture

Oxorio's auditors carefully examined the source code, diligently searching for any errors or bugs that could compromise security. Through manual analysis, they aimed to identify vulnerabilities that might have been overlooked during the development process.

Moving forward, the auditors embarked on the second step by cross-referencing the code against a continually updated list of known vulnerabilities maintained by Oxorio. This verification process ensured that Lido's code was scrutinized against the latest security threats, leaving no room for potential breaches.

In addition, Oxorio auditors examined the architecture and structure of the security model. They delved into project documentation, comparing it against the codebase. This comprehensive study included an examination of comments, technical papers, and other relevant materials, ensuring that the security model aligned with the intended design.

Recognizing the importance of diverse perspectives, the fourth step involved cross-checking the results obtained by different auditors.

There were certain issues discovered, and among them were the following:

  • The potential inflation of the share rate obtained after the rebase simulation by sending ETH to specific entities. This manipulation of the share rate can be exploited for malicious purposes, especially when combined with other protocols that utilize stETH as collateral or hold it in liquidity pools. This predictable manipulation of the rebase value, coupled with the predictability of Oracle reports, opens up opportunities for extracting value in a malicious manner.
  • Concerns regarding the lack of validation and the possibility of overflow in the Burner component.
  • The actions of a node operator within the Lido protocol can have detrimental effects on its normal functioning and result in financial losses. Node operators possess complete control over the validators' infrastructure and are primarily incentivized by the rewards they receive from the protocol. They may exploit their position to create adverse conditions within the consensus layer. These conditions could lead to severe consequences such as mass slashing, triggering the activation of the bunker mode, and blocking withdrawals from the protocol, ultimately resulting in financial losses.

Multiple auditors behind Oxorio independently conducted extensive research and analysis of the project. Following this, the auditors engaged in a mutual cross-check process, thoroughly comparing and validating their audit findings. This collaborative approach served as a safeguard against oversights or biases, reinforcing the integrity of the audit.

Level Up Security: Additional Methods To Leave No Stone Unturned

In the face of complex systems, traditional tools often prove insufficient in predicting and addressing potential incidents. Acknowledging the complex nature, the need for an alternative approach arose, focusing on the analysis of possible incidents and their consequences. This approach helped to mark several issues, like:

  • StETH/ETH stability during bunker mode.
  • Malicious DAO proposal with two plausible options that attackers could pursue.
  • All oracles should consistently generate an identical report for a specific epoch, regardless of the time at which they are consulted.
     

Upon completing the individual audits and the subsequent cross-checking process, Oxorio proceeded to consolidate the findings. The audited report, encompassing the insights and recommendations from multiple auditors, was compiled into a comprehensive document. This consolidated report presented a holistic overview of the security assessment, providing Lido with a clear understanding of the strengths, weaknesses, and necessary improvements.

Measure Twice

To ensure accuracy and accountability, Oxorio conducted a re-audit of the revised editions of the source code. After Lido addressed the issues identified during the initial audit, Oxorio auditors thoroughly reevaluated the codebase. This double-checking process aimed to verify that the necessary fixes were implemented successfully and to identify any remaining vulnerabilities. The results of this re-audit were incorporated into a new version of the audit report, providing an updated assessment of the code's security.

Security Audit Reveals No Critical Issues

Oxorio's audit report for Lido is available for public access, promoting transparency and empowering users to make informed decisions regarding their involvement with the protocol. The comprehensive review encompasses all aspects of Lido's architecture, providing a detailed analysis of potential risks and vulnerabilities. By undergoing this meticulous assessment, Lido strengthens its position, instilling trust and confidence among users and the wider DeFi community. To access the full audit report conducted by Oxorio for Lido, please visit:

About Oxorio

Oxorio is a globally recognized cybersecurity firm that has established itself as a leading authority in safeguarding digital assets and infrastructures of decentralized platforms. With a team of highly skilled auditors and researchers, it is committed to providing security services using cutting-edge techniques and best practices.

With a deep commitment to fostering trust and confidence in the blockchain industry, Oxorio actively contributes to the development of security standards and practices. The firm collaborated with industry leaders such as 1inch, ShardLabs, Rarible, Securrency, and StableUnit. The best is yet to come, and Oxorio engages in research initiatives to stay at the forefront of emerging threats and vulnerabilities.

With its dedication to fostering trust and confidence in the blockchain industry, Oxorio continues to solidify its position, ensuring the security and reliability of decentralized systems. The company aims to further explore and engage with similar projects to delve even deeper into the intricacies of liquid staking.

In addition, Oxorio plans to release a series of technical articles that provide a comprehensive analysis of Lido and other notable liquid staking solutions. By sharing insights and knowledge, Oxorio aims to empower the community with valuable resources and contribute to the overall growth and understanding of liquid staking technology.

More about Oxorio can be found here.

About Lido

Lido is an innovative decentralized platform that offers a robust staking and liquid staking solution specifically designed for Ethereum. Its primary objective is to empower users by providing them with the opportunity to earn staking rewards while maintaining their liquidity. With Lido, Ethereum holders can actively participate in securing the Ethereum network and simultaneously generate stETH tokens that possess high liquidity, making them readily usable in various decentralized finance (DeFi) protocols.

The aim of Lido is to democratize and streamline the process of staking for all Ethereum users. By abstracting the complex technicalities associated with running a validator node, Lido simplifies the staking experience, ensuring accessibility and efficiency for even novice users. Lido's user-friendly interface and intuitive features enable Ethereum holders to seamlessly stake their tokens and receive staking rewards without the need for extensive technical knowledge or substantial upfront investments.

Image sourced from Shutterstock

This post was authored by an external contributor and does not represent Benzinga's opinions and has not been edited for content. This contains sponsored content and is for informational purposes only and not intended to be investing advice. Cryptocurrency is a volatile market; do your independent research and only invest what you can afford to lose. New token launches and small market capitalization coins are inherently more risky than large cap cryptocurrencies. These tokens are subject to larger liquidity and market risks.

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In: CryptocurrencyMarkets
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!