May 29, 2024
Lido Finance Addresses Security Concerns Amid Alleged 'Fake Deposit' Attacks
Altcoins News

Lido Finance Addresses Security Concerns Amid Alleged ‘Fake Deposit’ Attacks

Protocol for staking Ethereum Although hackers are said to have allegedly taken advantage of a known security hole in LDO’s token contract, Lido Finance has assured that both Lido DAO and staked-Ether (stETH) tokens are safe.

In response to a post on September 10 by blockchain security company SlowMist, Lido did not disclose any attacks, but it did acknowledge the security problem was identified and reassure users that their LDO and stETH funds are secure.

Because LDO’s token contract permits users to complete transactions even when they lack adequate funds, according to SlowMist, bad actors can conduct “fake deposit” attacks on exchanges. According to SlowMist, this code differs from the Ethereum Request for Comment 20 (ERC-20) token standard.

According to Lido Finance, the problem is present in all ERC-20 tokens, not just Lido’s LDO coin.

According to SlowMist, the “fake deposit” attacks are caused by LDO’s token contract performing transfers with values higher than what the user genuinely possesses, leading to a false return rather than reversing the transaction. The company claimed that Lido’s token contract was recently abused through this attack, although no on-chain proof was offered.

On-chain analyst “Hercules” stated on September 10 that Bitcoin exchanges might not find the security weakness.

SlowMist advises LDO owners to examine the return values of token contract transfers as well as the transaction’s success or failure.

The blockchain security company concluded that different projects implement token contracts differently and should test them thoroughly before implementing them.

However, Lido emphasized that the “transfer” and “transferFrom” functions must both return the transfer status and are only advised to roll back a transaction in rare circumstances in the official Ethereum Improvement Proposal paper, which was co-authored by Vitalik Buterin in November 2015.

Lido stated that the LDO token integration documentation will soon be revised to address the security problem.

Image: Freepik

Related posts

Uniswap v4 Set to Launch in Q3 Post Ethereum’s Dencun Upgrade 

Cheryl  Lee

Binance User Loses $70,000 in Crypto, Raises Concerns Over Exchange’s Response

Christian Green

Solana’s Struggles: How the Decline of FTX and Legal Troubles Impact SOL

Harper Hall

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Please enter CoinGecko Free Api Key to get this plugin works.