The Lido Community Staking Module (CSM) is a permissionless module that allows community stakers to run Ethereum validators with a low cost of entry. Stakers provide stETH bonds that act as security collateral and receive rewards in the form of bond rebasing and staking rewards (including execution layer rewards) that are socialized across Lido’s staking module. Lido Staking Router (SR) V2 is a component that utilizes a modular design to support staking modules such as CSM.
Ackee Blockchain Security assigned two specialized teams to audit the Lido CSM updates. One team focused on the Community Staking Module (CSM) and the other on the Staking Router (SR). The Lido CSM update itself is divided into two parts: new contracts for the CSM codebase, which are in separate repositories, and changes to existing core contracts, such as SR. To ensure a thorough and efficient review, the teams audited the two parts simultaneously, covering the security aspects of CSM and SR respectively.
Across both reports, Ackee Blockchain Security found 46 issues, 32 of which were fixed by Lido Finance.
Lido Finance collaborated with Ackee Blockchain Security to conduct a security review of the Lido Finance Community Staking module for a total of 74 engineering days from July 16 to September 6, 2024.
Lido Finance also partnered with Ackee Blockchain Security to conduct a security review of the Lido Finance Staking Router for a total of 26 engineering days from July 22 to August 23, 2024.
Both engagements included fuzzing with the Wake framework. The audits produced 7,831 lines of fuzz tests, 58 execution flows, and 36 stateful invariants. All tests are public in the tests repository. The audits of CSM and SR covered 5256 and 3434 lines of code, respectively.
Methodology
The CSM methodology includes the review, implementation, and execution of manually guided differential stateful fuzz tests in the Wake testing framework to verify the correctness of the system. Ackee conducted a thorough manual review of the code, focusing on the following aspects:
- Bonds provided by node operators are properly accounted for and cannot be stolen from any account.
- The system does not have any underflow/overflow issues that could lead to incorrect state updates.
- Permissionless capabilities cannot be abused to put node operators into unintended states or to perform actions on contracts.
- Node operators cannot hold invalid keys and cannot disrupt system functionality.
- CSM cannot cause a denial of service to other staking modules and the logic responsible for key storage.
- Node operators can withdraw their rewards and uncollateralized funds without any problems.
- It is not possible to falsify evidence for the deletion or withdrawal of a validator such that the smart contract accepts it even though it is not true.
- The system does not suffer from denial of service attacks from node operators spamming transactions.
- Access controls are neither overly restrictive nor lax and are appropriately enforced across all critical functions.
- Node operators cannot earn more rewards than specified in the reward distribution report.
- If there are not enough votes to reach the configured quorum, the reward distribution report cannot be approved.
- Node operators cannot break a module’s logic by putting the validator in an unexpected state.
Manual review was performed concurrently with the Staking Router audit conducted by Ackee Blockchain Security. Any issues that could be of medium or higher severity were immediately reported to the Lido team. The descriptions of these issues include the date they were reported. The review was concluded using static analysis tools, including Wake.
The SR methodology involves creating a Python model of the Lido protocol using the new Curated Staking module (NodeOperatorsRegistry) and the Community Staking Module (CSM) as modules. All in-scope contracts, including the CSM codebase, were deployed and the rest of the protocol architecture was forked from the mainnet. On top of the Python model, Ackee built a manually guided fuzzing campaign using flows implemented for each function in the contracts. Finally, we defined stateful invariants, the most notable of which are:
- Python states are equivalent to contracts (differential testing approach).
- Invariants on the number of keys (e.g., the number of keys deposited is always less than or equal to the number of keys examined).
- More stateless checks, like correct incrementing of nonce, correct event emission.
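The three kinds of checks listed above, shown in miniature. This is an added example, not code from the audit or from Lido: the Model and BuggyRegistry classes, their counters and the flow names are constructed stand-ins for a staking module's key registry, and plain Python replaces the Wake harness and the forked contracts.

```python
import random

class Model:
    """Reference model: plain Python bookkeeping of a module's key counters."""
    def __init__(self):
        self.added = self.examined = self.deposited = self.nonce = 0

    def add(self, n):
        self.added += n
        self.nonce += 1

    def set_examined(self, limit):
        # Clamp: never above added keys, never below already deposited keys.
        self.examined = max(self.deposited, min(limit, self.added))
        self.nonce += 1

    def deposit(self, n):
        taken = min(n, self.examined - self.deposited)
        self.deposited += taken
        self.nonce += 1
        return taken

class BuggyRegistry(Model):
    """Constructed faulty implementation: drops the lower clamp."""
    def set_examined(self, limit):
        self.examined = min(limit, self.added)
        self.nonce += 1

def fuzz(impl_cls, seed, steps=200):
    """Run random flows on impl and model; return the first failure or None."""
    rng = random.Random(seed)
    impl, model = impl_cls(), Model()
    for step in range(steps):
        flow, arg = rng.choice(["add", "set_examined", "deposit"]), rng.randint(0, 5)
        nonce_before = impl.nonce
        got, want = getattr(impl, flow)(arg), getattr(model, flow)(arg)
        where = f"step {step}, {flow}({arg})"
        if impl.nonce != nonce_before + 1:            # stateless check
            return f"{where}: nonce not incremented"
        if not impl.deposited <= impl.examined <= impl.added:  # stateful invariant
            return f"{where}: key-count invariant broken"
        if got != want or vars(impl) != vars(model):  # differential check
            return f"{where}: implementation diverged from model"
    return None

if __name__ == "__main__":
    print("correct:", fuzz(Model, seed=1))
    print("buggy:  ", fuzz(BuggyRegistry, seed=1))
```

The faulty variant is caught by the key-count invariant as soon as a random flow lowers the examined limit below the number of keys already deposited.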
While reviewing the Staking Router, Ackee paid special attention to the following:
- Exploring the potential attack surface of key contracts due to the introduction of permissionless staking modules;
- New probe and suspend mechanism in DepositSecurityModule;
- Possible malfunctions of the Guardian, including signature replay and correct nonce usage;
- Accounting Oracle’s Multi-Transaction Step 3 Report;
- Permissionless reward distribution by NodeOperatorsRegistry;
- Ensuring overall access controls are neither too relaxed nor too strict;
- Looking for common problems such as data validation.
Scope
The CSM audit was performed on commits 8ce944 and 13f78f, which are housed in the community staking module repository and the Easy Tracking repository respectively. It covers:
- All files in the src directory except src/interfaces in the community staking module repository;
- contract/EVMScriptFactories/CSMSettleELStealingPenalty.sol in the Easy Tracking repository.
The SR audit report specifies the scope at commit fafa23, which includes:
- contract/0.4.24/nos/NodeOperatorsRegistry.sol
- contract/0.8.9/DepositSecurityModule.sol
- contract/0.8.9/StakeRouter.sol
- contract/common/lib/MinFirstAllocationStrategy.sol
- contract/0.8.9/oracle/AccountingOracle.sol
- contract/0.8.9/sanity_checks/OracleReportSanityChecker.sol
Findings
The Lido CSM and SR audits revealed a total of 46 issues, 32 of which were resolved by Lido Finance.
Critical | High | Medium | Low | Informational | Warning | Total |
0 | 0 | 1 | 11 | 18 | 16 | 46 |
Conclusion
The review resulted in 46 findings ranging from informational to medium severity, and 32 of the 46 findings were corrected by Lido Finance. In the most severe finding, M1, valid keys covered by the bond are not deposited, which incorrectly prevents node operators from creating new validators in certain circumstances.
Ackee Blockchain Security recommends that Lido Finance:
- Ensure that off-chain services operate as expected to achieve security guarantees in the system.
- Be careful when using unsafe functions and functions that do not properly update all internal state, such as CSAccounting.updateBondCurve or CSAccounting.setBondCurve.
- Avoid using unchecked blocks that rely heavily on the correctness of external contracts, as violating the assumptions can lead to serious vulnerabilities.
- Ensure that contracts are deployed and initialized atomically so that front-running of the initialization function is not possible.
- Resolve any reported issues.
Ackee Blockchain Security’s full Lido Finance CSM audit report can be found here. The Lido Finance SR report can be found here.
We would like to thank Lido Finance and look forward to working with them again.