The firm behind the recent success story of preventing $350 million in damages from hitting the Avalanche blockchain has released an in-depth review of popular Ethereum liquidity staking solution Lido.
The report ultimately gave Lido the all-clear that no significant vulnerabilities had been discovered. Here’s what new blockchain auditing firm Statemind found in their Lido report.
Lido hires Statemind to keep billions at stake
Lido is designed to provide liquidity for staked assets with daily rewards and no lock-up periods. Lido staking solutions are available for Ethereum, Solana, Polygon, Terra, Kusama, and Polkadot. When staking Lido, you mint staking tokens that are issued 1:1 to your original stake. With Lido, your staked tokens can be used across the DeFi ecosystem for collateral, lending, yield farming, and more.
As Lido expands its stronghold of liquid crypto staking solutions, the need for the underlying code to be sparkling clean and free of potential complications becomes imperative. Billions of dollars are at stake for millions of users. Lido has hired blockchain auditing firm Statemind to review its code and ensure there are no critical vulnerabilities — and if there are, to wipe them out before they become a problem.
Statemind makes a splash at launch, saving Avalanche $350 million
Statemind did just that, but outside of its regular clientele, while also making a splash in the cryptocurrency developer community. A proactive review of several top blockchains revealed that Avalanche and associated chains faced a critical vulnerability. The estimated damage is over $350 million, which Statemind was able to save.
Fortunately, in the more reactive Lido research, initiated by the customer themselves, Statemind discovered zero critical, major, or moderate bugs. Only bugs in information that can be easily patched and pose no threat were found, Statemind said.
🧘New test report🧘
Statemind has completed a full review of the @LidoFinance MEV Boost Relay Approval List.
No critical vulnerabilities found
Read our full report here: https://t.co/GthoW7Osd7
— Statemind (@statemindio) September 21, 2022
The findings and recommendations of the Lido audit report
Statemind also explained the results of the MEV Boost Relay whitelist project and the Lido audit in a nine-page report. According to the report, the on-chain relay whitelist “will be used by node operators participating in the post-ETH merger Lido protocol to extract MEV.” Node operators use the contract to ensure an up-to-date software configuration at all times.
“Key recommendations include checking the number of relays right after the msg.sender check, removing the null address check for msg.sender, checking that the token address is a contract in the _safe_erc20_transfer function, and using a Mappings, which maps the URI to the index of the relay in the array,” Statemind explained in a blog post.
What you need to know about Statemind blockchain security audits
Lido is just one of many Statemind clients, which also include 1INCH and Yearn.Finance. Statemind is a brand new blockchain security audit firm with over 100,000 LoC Solidity and Vyper experience combined. To date, Statemind audits have secured over $10 billion in TVL, and the examples above have only added to this rapidly growing number. To learn more, visit Statemind.io.
Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
https://nov.link/cryptoanswers
Comments are closed.