Summary
The most critical subjects covered in our audit are compliance with the specification, correctness of the arithmetic operations, and functional correctness. No major issues were uncovered. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Lido LIP-23: Rebase Check Smart Contracts
Lido implements an improvement of the OracleReportSanityChecker which aims to mitigate the riskof malicious oracle daemons colluding and reporting excessive negative rebases of stETH.
“Lido is a liquid staking solution for ETH backed by industry-leading staking providers. Lido lets users stake their ETH – without locking assets or maintaining infrastructure – whilst participating in on-chain activities, e.g. lending.
Lido attempts to solve the problems associated with initial ETH staking – illiquidity, immovability and accessibility – making staked ETH liquid and allowing for participation with any amount of ETH to improve security of the Ethereum network.”
We are completely satisfied with this engagement. ChainSecurity team was very flexible about slot booking and provided deep code analysis with non-trivial findings.
I’ve asked around about this whole experience and everyone considers your work over the top, thank you so much! ❤️
Lido on Ethereum Contributors