Lido is clearly getting a signal from Blockchain audit experts Statemind
The firm behind the recent success story where $350 million in damage was prevented from hitting the Avalanche blockchain has released an in-depth audit report of the popular Ethereum liquidity staking solution, Lido.
The report has finally given Lido a clear signal, noting that no significant vulnerabilities were discovered. Here’s what newcomer blockchain audit firm Statemind found in their Lido report.
Lido tasks Statemind with keeping billions at stake safe
Lido is designed to provide liquidity to assets deposited with daily rewards and no lock-up periods. Lido staking solutions are available for Ethereum, Solana, Polygon, Terra, Kusama and Polkadot. When you stake Lido, you stake staked tokens that are issued 1:1 to your initial stake. With Lido, your staked tokens can be used across the DeFi ecosystem as collateral, for lending, yield farming and more.
As Lido expands its stronghold of liquid crypto staking solutions, the need for the underlying code to be squeaky clean and free of potential complications becomes imperative. Billions of dollars in value are at stake across millions of users. Lido has commissioned blockchain auditing firm Statemind to review its code and ensure no critical vulnerabilities exist – and if they do, patch them before they become a problem.
Statemind makes big splash at launch, saves avalanche $350 million
Statemind did just this, but outside of the mainstream clientele, while making a big splash across the cryptocurrency development community. A proactive review of several top blockchains revealed that Avalanche and its associated chains were exposed to a critical vulnerability. Estimated damages in excess of $350 million that Statemind was able to save.
In the more reactive Lido survey requested by the client itself, Statemind fortunately detected zero critical, high or medium severity errors. Only information errors were found, which can be easily patched and pose no threat, Statemind said.
🧘New audit report🧘
Statemind has completed a full audit of @LidoFinance Approval list for MEV-boost relay.
No critical vulnerabilities found
Read our full report here:
— Statemind (@statemindio) 21 September 2022
The findings and recommendations of the Lido audit report
Statemind further outlined the results of the MEV-Boost relay approval list project and Lido audit i a nine-page report. According to the report, the on-chain permission list “is used by node operators participating in the Lido protocol after the ETH merger to extract MEV.” Node operators use the contract to ensure updated software configuration at all times.
“Key recommendations include checking the number of relays right after the msg.sender check, removing the null address check for msg.sender, checking if the token address is a contract in the _safe_erc20_transfer function, and using a mapping that maps URI to index of relay in the array,” Statemind explained in a blog post.
What you need to know about Statemind Blockchain Safety Audits
Lido is just one of many of Statemind’s clients, which also include 1INCH and Yearn.Finance. Statemind is a brand new blockchain security audit firm with over 100,000 LoC of Solidity and Vyper experience combined. So far, Statemind audits have secured over $10B in TVL, and the examples above have only added to this rapidly growing number. To learn more, visit Statemind.io.