Lido Security Audit

Download Audit Report
Summary

Lido implements a staking protocol that allows users to stake their ETH while maintaining liquidity. In addition, it allows users to receive rewards for their staked ETH without running validator nodes. The inverse is true for node operators – they can run validator nodes and receive rewards without having to supply ETH themselves.

The most critical subjects covered in our audit are functional correctness, the trust model, and security of user funds. Security regarding all the aforementioned subjects is high. The general subjects covered are gas efficiency and access control. Some improvements to gas efficiency can be made.

The documentation provided was detailed and helpful in understanding the complexity of the system.

In summary, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About Lido

“Lido is a liquid staking solution for ETH backed by industry-leading staking providers. Lido lets users stake their ETH – without locking assets or maintaining infrastructure – whilst participating in on-chain activities, e.g. lending.

Lido attempts to solve the problems associated with initial ETH staking – illiquidity, immovability and accessibility – making staked ETH liquid and allowing for participation with any amount of ETH to improve security of the Ethereum network.”

Source: https://lido.fi/faq