Lido and Rocket Pool Deploy Temporary Patches for Staking Node Vulnerability


Lido, a staking pool provider for Ethereum 2.0 staking, has successfully patched a security flaw discovered on its platform.The security flaw had caused a scare among Lido’s users, promoting the protocol to delay its launch to get things patched up.

Issues With the Smart Contract Architectures

On Monday, Dmitri Tsumak, the founder of Lido’s competitor StakeWise, announced the discovery of a vulnerability in its staking protocol that would allow node operators to remove funds from ETH 2.0 staking pools. Tsumak had initially identified the exploit in the architecture of Rocket Pool – a third protocol, which is set to launch soon.

After finding out that the protocol would also significantly affect Lido, Tsumak immediately raised the alarm. Lido is currently the largest ETH 2.0 staking pool built on the Ethereum blockchain, with a total value locked at over $4 billion.

Any vulnerabilities to its platform would have been fatal, so Tsumak’s discovery was an important one. Both venues were said to have been suffering from the same issue but in different iterations.

Speaking with industry news sources, Tsumak claimed that he had agreed with Rocket Pool, Lido, and Immunefi – the leading bug bounty protocol for the decentralized finance (DeFi) space – not to include any details about the bug. Rocket Pool and Lido would work on a patch to ensure that everything stays functional going forward.

The bug also had pretty broad ramifications. While Lido had mentioned that “under 100 ETH” was vulnerable, a separate vulnerability disclosure report showed that the number was more than 20,000 ETH.

Off to the Races

For now, Rocket Pool and Lido have implemented temporary patches to ensure the security of users’ funds. But, the problem is far from fixed, so both platforms are still working to get a permanent solution.

They’ve been debriefing their users on social media on developments since the vulnerabilities became public knowledge. Lido assured investors of safety despite its security glitch.

After acknowledging the bug on Monday, Lido proposed a vote to reduce staking limits for all node operators in a bid to reduce the risk posed to its protocol. The company described the bug as “low-impact,” adding that it could only be exploited by the whitelisted node operators.

For its part, Rocket Pool has also delayed its launch. Tsumak had found the vulnerability 24 hours before the platform launched fully, and it is taking steps to rectify things.

The company confirmed yesterday that while the vulnerability was “minimal,” it wouldn’t be taking any chances with customers’ funds. So, it has delayed its launch indefinitely and will announce a new launch date soon.

Rocket Pool also expressed gratitude to Tsumak and the StakeWise team for reporting the bug, despite being a rival to both affected parties.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide