Unravelling the controversy around Lido Finance’s token contract exploit

Posted: September 11, 2023

• SlowMist mentioned that the loophole allowed anybody to hold out transfers exceeding the quantity of funds that they held.
• LDO fell after the disclosure however recovered after Lido’s assurance.

Unscrupulous gamers exploited a recognized vulnerability in Lido Finance’s [LDO] token contract to launch “pretend deposit” assaults on exchanges, in accordance with blockchain safety agency SlowMist. Nonetheless, no on-chain proof was offered as of this writing to determine the veracity of the declare.

Inside seven hours of the disclosure, Lido assured customers that their funds in governance token LDO and liquid staking token Lido Staked ETH [stETH] have been protected.

Reasonable or not, right here’s LDO’s market cap in BTC phrases

Arguments and counterarguments

Offering extra particulars, SlowMist mentioned that the safety loophole allowed anybody to hold out transfers exceeding the quantity of funds that they held. Because of the logical flaw, as a substitute of the perfect transaction rollback state of affairs, a false return was triggered.

Supply: SlowMist

SlowMist had a phrase of warning for exchanges,

“Remember that there are lots of token contracts out there that don’t adhere to the ERC20 customary. Earlier than integrating new tokens, guarantee a deep understanding and evaluation of their contract code to make sure the right deposit logic.”

Nonetheless, Lido was not satisfied. It said that the actual conduct was not confined to LDO tokens however prolonged to all different ERC-20 tokens as properly.

Utilizing the ERC-20 customary as a information, Lido demonstrated how the logic returned switch standing in all common eventualities and solely reverted the transaction in “distinctive” circumstances.

LDO witnesses a fall

As the difficulty escalated, LDO started to really feel the warmth. Lido’s native token fell 4.5% to $1.45 within the hours following SlowMist’s publish on social media platform X, previously Twitter. Nonetheless, Lido’s counterargument served to calm the waters. LDO recovered to $1.49 on the time of writing, information from CoinMarketCap revealed.

Is your portfolio inexperienced? Take a look at the LDO Revenue Calculator

Supply: CoinMarketCap

As per Santiment, there was a noticeable rise in LDO buying and selling volumes which recommended that panicky holders tried to do away with their stashes.

Furthermore, LDO’s social quantity spiked. This indicated that the adverse chatter across the token had elevated on crypto-focused social teams of fashionable boards.

Supply: Santiment