Lido Protocol Upgrade | October 27th, 2021
Today, the Lido DAO voted in favor of upgrading the core protocol smart contracts. The upgrade includes the following fixes and improvements:
- Implement protection from deposit front-running vulnerability (#357, see below).
- Allow a node operator to remove their keys in batches (#358).
- Prohibit setting non-zero initial staking limit when adding a node operator (#360).
- Improve compatibility of the emergency funds recovery function with external smart contracts (ce5e562).
Together, these upgrades improve the security and consistency of the protocol. The Lido team would like to thank the community for discussing, reviewing and voting for these changes—without you, none of these would be possible.
Deposit front-running protection
Recently, a potential exploit scenario was reported to our bug bounty program on Immunefi that would allow a malicious node operator to substitute the protocol's withdrawal credentials (pointing to a smart contract) with credentials controlled by the operator. You can find more details in this blog post. Following that, a short-term mitigation was put in place and the community started designing and discussing mid- to long-term solutions.
The mid-term solution that was chosen and implemented involves establishing a Deposit Guardian Council. The Council members are tasked with running an offchain daemon that constantly checks and vets the onchain state. Deposits can only be made by the protocol if the current onchain state has been vetted by at least two-thirds of the committee members—this is enforced by verifying member signatures onchain. Note that users can still submit ETH and mint stETH at any time since all received Ether gets buffered and deposited in batches later.
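The onchain two-thirds check described above can be sketched as follows. This is an added example, not Lido's contract code. It assumes that the vetted state is the deposit contract's root as returned by get_deposit_root(). The contract name, the digest layout and the sorted-signature convention are hypothetical.

```solidity
pragma solidity ^0.8.0;

// Assumed view of the state guardians vet: the deposit contract's root,
// which changes whenever anyone makes a deposit.
interface IDepositRootSource {
    function get_deposit_root() external view returns (bytes32);
}

// Hypothetical sketch, not Lido's implementation.
contract GuardianQuorumSketch {
    struct Sig { uint8 v; bytes32 r; bytes32 s; }

    IDepositRootSource public immutable depositContract;
    mapping(address => bool) public isGuardian;
    uint256 public guardianCount;

    constructor(IDepositRootSource dc, address[] memory guardians) {
        depositContract = dc;
        for (uint256 i = 0; i < guardians.length; i++) {
            address g = guardians[i];
            require(g != address(0) && !isGuardian[g], "bad guardian");
            isGuardian[g] = true;
        }
        guardianCount = guardians.length;
    }

    // Smallest signer count that is at least two-thirds: ceil(2n/3).
    function quorum() public view returns (uint256) {
        return (2 * guardianCount + 2) / 3;
    }

    // Reverts unless a quorum of distinct guardians signed the current root.
    // sigs must be ordered by ascending signer address.
    function requireVetted(bytes32 attestedRoot, Sig[] calldata sigs) public view {
        // A deposit made after the guardians signed changes the root: stale.
        require(attestedRoot == depositContract.get_deposit_root(), "state changed");
        require(sigs.length >= quorum(), "no quorum");
        // Bind the digest to this contract and chain so it cannot be replayed elsewhere.
        bytes32 digest = keccak256(abi.encode(address(this), block.chainid, attestedRoot));
        address prev = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = ecrecover(digest, sigs[i].v, sigs[i].r, sigs[i].s);
            // ecrecover returns address(0) on failure; 0 is never a guardian.
            require(isGuardian[signer], "not a guardian");
            require(signer > prev, "duplicate or unsorted signer");
            prev = signer;
        }
    }
}
```

With six guardians, quorum() returns 4. Because the signatures cover one specific root, any deposit that lands between vetting and the protocol's own deposit makes requireVetted revert.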
Initially, the council consists of six entities: stakefish, SkillZ, Blockscape, Staking Facilities, P2P Validator, and the Lido dev team. These have the skills and capacity to operate the daemon and (except the Lido dev team) are among the most staked Lido node operators. Later the committee should be expanded.
The better long-term solution would require upgrading the Ethereum consensus layer specification, making the front-running attack entirely impossible on the L1 without involving any trusted committee. This solution is currently being discussed within the Ethereum community.
This is not the last protocol upgrade: the Lido core smart contracts will have to be upgraded several more times in preparation for the Merge and introduction of withdrawals.
The team is currently working on the design specifications of the mechanisms involved and will publish them for discussion within the community as soon as initial drafts are ready. Stay tuned for further updates!