- SlowMist said that the loophole allowed anyone to carry out transfers exceeding the amount of funds that they held.
- LDO fell after the disclosure but recovered after Lido’s assurance.
Unscrupulous players exploited a known vulnerability in Lido Finance’s [LDO] token contract to launch “fake deposit” attacks on exchanges, according to blockchain security firm SlowMist. However, no on-chain evidence was provided as of this writing to ascertain the veracity of the claim.
Within seven hours of the disclosure, Lido assured users that their funds in governance token LDO and liquid staking token Lido Staked ETH [stETH] were safe.
Arguments and counterarguments
Providing more details, SlowMist said that the security loophole allowed anyone to carry out transfers exceeding the amount of funds that they held. Because of the logic flaw, such a transfer triggered a false return value instead of the ideal outcome, a transaction rollback.
SlowMist had a word of caution for exchanges:
“Be aware that there are many token contracts in the market that do not adhere to the ERC20 standard. Before integrating new tokens, ensure a deep understanding and analysis of their contract code to ensure the correct deposit logic.”
However, Lido was not convinced. It stated that the particular behavior was not confined to LDO tokens but extended to all other ERC-20 tokens as well.
Using the ERC-20 standard as a guide, Lido demonstrated that the logic returned the transfer status in all regular scenarios and reverted the transaction only in “exceptional” circumstances.
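The deposit logic SlowMist's caution points at can be sketched as follows. This is an added example, not code from SlowMist, Lido or any exchange: it credits a deposit only when the receipt carries a matching ERC-20 Transfer event from the token contract, instead of trusting the transaction's success status. The addresses, receipts and function names are constructed, and it assumes a transfer that returns false emits no Transfer event.

```python
# Added example: exchange-side deposit check for a token whose transfer()
# may return false without reverting. Addresses and receipts are constructed.

# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 event topic
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
TOKEN = "0x" + "aa" * 20          # placeholder token contract address
DEPOSIT_ADDR = "0x" + "bb" * 20   # placeholder exchange deposit address


def topic_to_address(topic: str) -> str:
    """Indexed address topics are 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def pad(addr: str) -> str:
    """Left-pad a 20-byte address to a 32-byte topic (helper for sample data)."""
    return "0x" + "00" * 12 + addr[2:]


def credited_amount(receipt: dict, token: str, deposit_addr: str) -> int:
    """Return the token amount provably moved to deposit_addr, else 0."""
    if receipt.get("status") != 1:       # reverted transaction: nothing to credit
        return 0
    total = 0
    for log in receipt.get("logs", []):
        topics = log.get("topics", [])
        if log.get("address", "").lower() != token.lower():
            continue                     # event emitted by some other contract
        if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue                     # not an ERC-20 Transfer event
        if topic_to_address(topics[2]) != deposit_addr.lower():
            continue                     # recipient is not our deposit address
        total += int(log["data"], 16)    # uint256 value, hex-encoded
    return total


# Constructed receipt: transfer() returned false, so the transaction
# succeeded (status 1) but no Transfer event was emitted (assumption above).
FAKE_DEPOSIT = {"status": 1, "logs": []}
# Constructed receipt: a genuine transfer of 5 * 10**18 base units.
REAL_DEPOSIT = {"status": 1, "logs": [{
    "address": TOKEN,
    "topics": [TRANSFER_TOPIC, pad("0x" + "cc" * 20), pad(DEPOSIT_ADDR)],
    "data": hex(5 * 10**18),
}]}

if __name__ == "__main__":
    print(credited_amount(FAKE_DEPOSIT, TOKEN, DEPOSIT_ADDR))
    print(credited_amount(REAL_DEPOSIT, TOKEN, DEPOSIT_ADDR))
```

A check that looked only at `status == 1` would credit both sample receipts; the event-based check credits only the second.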
LDO witnesses a fall
As the issue escalated, LDO began to feel the heat. Lido’s native token fell 4.5% to $1.45 in the hours following SlowMist’s post on social media platform X, formerly Twitter. However, Lido’s counterargument served to calm the waters. LDO recovered to $1.49 at the time of writing, data from CoinMarketCap revealed.
As per Santiment, there was a noticeable rise in LDO trading volumes, which suggested that panicky holders tried to get rid of their stashes.
Moreover, LDO’s social volume spiked. This indicated that negative chatter around the token had increased in crypto-focused groups on popular forums.