Lido implements a staking protocol that allows users to stake their ETH while maintaining liquidity. In addition, it allows users to receive rewards for their staked ETH without running validator nodes. The inverse is true for node operators – they can run validator nodes and receive rewards without having to supply ETH themselves.
The most critical subjects covered in our audit are functional correctness, the trust model, and security of user funds. Security regarding all the aforementioned subjects is high. The general subjects covered are gas efficiency and access control. Some improvements to gas efficiency can be made.
The documentation provided was detailed and helpful in understanding the complexity of the system.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.