Lido CSM Audit Findings Summary by Ackee Blockchain

By marcel.mihalic@gmail.com
Last updated: October 18, 2024 3:19 pm

The Lido Community Staking Module (CSM) is a permissionless system that enables community stakers to run Ethereum validators at reduced entry costs. Stakers contribute stETH bonds, which act as collateral for security, and receive rewards through bond rebasing and staking profits (including execution layer rewards), distributed across Lido’s staking modules. The Lido Staking Router (SR) V2 is a modular component that accommodates various staking modules, including CSM.

Ackee Blockchain Security assigned two expert teams to audit the Lido CSM update; one team concentrated on the Community Staking Module (CSM), while the other focused on the Staking Router (SR). The Lido CSM update has two main elements: the introduction of new contracts for the CSM codebase in a distinct repository, and amendments to existing core contracts, including the SR. To facilitate a comprehensive and effective review, the teams conducted audits on these two components simultaneously, assessing the security features of both CSM and SR.

Ackee Blockchain Security identified a total of 46 findings across both reports, with severity levels ranging from Info to Medium. Of these, Lido Finance addressed 32 findings.

Lido Finance contracted Ackee Blockchain Security for a security review of the Lido Finance Community Staking Module spanning a total of 74 engineering days, conducted between July 16 and September 6, 2024.

Additionally, Lido Finance engaged Ackee Blockchain Security for a security evaluation of the Lido Finance Staking Router, which required 26 engineering days, occurring from July 22 to August 23, 2024.

Both audits included fuzzing with the Wake framework. The audits yielded 7831 lines of fuzz tests, encompassing 58 execution flows and 36 stateful invariants. All tests have been publicly shared in the awesome-wake-tests repository. The audit of CSM involved 5256 lines of code, while the SR audit comprised 3434 lines of code.

METHODOLOGY

The CSM audit methodology entailed reviewing, implementing, and executing manually-guided differential stateful fuzz tests using the Wake testing framework to confirm system correctness. Ackee executed a meticulous manual review of the code, concentrating on the following key areas:

  • ensuring the bond contributed by node operators is accurately tracked and impervious to theft by other accounts,
  • confirming the system is free from underflow/overflow issues that could trigger erroneous state updates,
  • preventing abuse of permissionless functions that could lead node operators into unintended states and block them from executing contract actions,
  • ensuring node operators cannot submit invalid keys that compromise system function,
  • ensuring CSM does not cause denial of service to other staking modules nor affect key deposition logic,
  • confirming node operators can withdraw their rewards and unbonded funds without complications,
  • ensuring that false proofs of validator slashing or withdrawals cannot be created and falsely validated by the smart contracts,
  • preventing denial of service attacks from node operators spamming transactions,
  • verifying that access controls are implemented accurately in all critical functions without being overly restrictive or permissive,
  • ensuring node operators do not receive more rewards than specified in the rewards distribution report,
  • validating that the rewards distribution report cannot be deemed acceptable without sufficient votes to meet the configured quorum,
  • ensuring that no unexpected states are induced for validators by node operators, potentially disrupting the module’s logic.

The manual review ran concurrently with the Staking Router audit conducted by Ackee Blockchain Security. Any issue of potentially medium or higher severity was promptly communicated to the Lido team, as noted in the dated descriptions in the report. The review concluded with the use of static analysis tools, including Wake.

The SR audit methodology involved creating a Python model of the Lido protocol, incorporating the new Curated Staking Module (NodeOperatorsRegistry) and Community Staking Module (CSM) as elements. All relevant contracts were deployed, including the CSM codebase, while the rest of the protocol architecture was forked from the mainnet. On this Python model, Ackee executed a manual fuzzing campaign, applying flows for each contract function. Additionally, several stateful invariants were established, the most noteworthy being:

  • ensuring the Python state matches the state in the contracts (differential testing approach),
  • invariants concerning key counts (for instance, the number of deposited keys is always less than or equal to the vetted keys count),
  • and verifying proper nonce incrementation, along with other stateless checks such as accurate event emissions.
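The differential, stateful approach described above, as an added example that is not Ackee's or Lido's code and does not use the Wake API: a constructed stand-in `Module` class plays the deployed contract, `model_step` is the independent Python model, and `fuzz` checks the key-count invariant and model equality (which covers the nonce) after every random flow. All names, including the seeded `buggy_unvet` defect, are hypothetical.

```python
import random

class Module:
    """Constructed stand-in for a deployed staking module (hypothetical, not Lido code)."""
    def __init__(self, buggy_unvet=False):
        self.added = self.vetted = self.deposited = self.nonce = 0
        self.buggy_unvet = buggy_unvet
    def add_keys(self, n):
        self.added += n
        self.nonce += 1
    def vet(self, n):
        self.vetted = min(self.added, self.vetted + n)
        self.nonce += 1
    def unvet(self, n):
        floor = 0 if self.buggy_unvet else self.deposited  # seeded bug ignores deposited keys
        self.vetted = max(floor, self.vetted - n)
        self.nonce += 1
    def deposit(self, n):
        self.deposited += min(n, max(0, self.vetted - self.deposited))
        self.nonce += 1
    def state(self):
        return (self.added, self.vetted, self.deposited, self.nonce)

def model_step(state, flow, n):
    """Independent Python model: the expected state after one flow."""
    added, vetted, deposited, nonce = state
    if flow == "add_keys":
        added += n
    elif flow == "vet":
        vetted = min(added, vetted + n)
    elif flow == "unvet":
        vetted = max(deposited, vetted - n)
    else:  # deposit
        deposited += min(n, vetted - deposited)
    return (added, vetted, deposited, nonce + 1)

def fuzz(module, steps=500, seed=1):
    """Run random flows; return None or (step, flow, reason) for the first failure."""
    rng = random.Random(seed)
    model = module.state()
    for step in range(steps):
        flow, n = rng.choice(("add_keys", "vet", "unvet", "deposit")), rng.randint(1, 5)
        getattr(module, flow)(n)
        model = model_step(model, flow, n)
        added, vetted, deposited, _ = module.state()
        if not deposited <= vetted <= added:  # stateful key-count invariant
            return (step, flow, "key-count invariant broken")
        if module.state() != model:  # differential check, nonce included
            return (step, flow, "state diverged from Python model")
    return None
```

`fuzz(Module())` returns `None`, while `fuzz(Module(buggy_unvet=True))` returns the first failing step, whose flow is always `unvet` because that is the only place the seeded defect can push the vetted count below the deposited count.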

During the Staking Router audit, Ackee emphasized:

  • the potential attack surface of core contracts arising from the introduction of permissionless staking modules,
  • the new unvetting and pausing mechanisms in DepositSecurityModule,
  • the possibility of guardian misbehavior, including signature replay issues and proper nonce usage,
  • the implications of multi-transactional third-phase reports from the accounting oracle,
  • the implications of permissionless reward distribution in NodeOperatorsRegistry,
  • ensuring access controls maintain a balance between being too lax and overly strict,
  • and investigating prevalent issues, such as data validation concerns.

SCOPE

The CSM audit was performed on commits 8ce944 and 13f78f in the community-staking-module and easy-track repositories, respectively, and covered:

  • all files located in the src directory, excluding src/interfaces, within the community-staking-module repository,
  • contracts/EVMScriptFactories/CSMSettleELStealingPenalty.sol in the easy-track repository.

The SR audit was based on commit fafa23, and its scope included the following files:

  • contracts/0.4.24/nos/NodeOperatorsRegistry.sol
  • contracts/0.8.9/DepositSecurityModule.sol
  • contracts/0.8.9/StakingRouter.sol
  • contracts/common/lib/MinFirstAllocationStrategy.sol
  • contracts/0.8.9/oracle/AccountingOracle.sol
  • contracts/0.8.9/sanity_checks/OracleReportSanityChecker.sol

FINDINGS

The total findings from the Lido CSM+SR assessments amounted to 46 issues, with 32 issues rectified by Lido Finance.

| Critical | High | Medium | Low | Info | Warning | Total |
|----------|------|--------|-----|------|---------|-------|
| 0        | 0    | 1      | 11  | 18   | 16      | 46    |

CONCLUSION

The audit produced a total of 46 findings with severity levels ranging from Info to Medium; 32 of these were rectified by Lido Finance. The most critical issue, M1, involved valid keys not being deposited, thereby incorrectly prohibiting node operators from establishing new validators under certain conditions.

Ackee Blockchain Security advises Lido Finance to:

  • ensure that off-chain services operate correctly to uphold the security guarantees of the system,
  • exercise caution with unsafe functions and those that do not effectively update all internal states, such as CSAccounting.updateBondCurve and CSAccounting.setBondCurve,
  • refrain from utilizing unchecked blocks that significantly depend on the accuracy of external contracts, as deviations could result in critical vulnerabilities,
  • ensure that contract deployment and initialization happen atomically, preventing the potential for front-running of initialization functions,
  • address all reported issues.

 

The complete audit reports for Lido Finance CSM can be accessed here. The Lido Finance SR report can be found here.

 

We were pleased to conduct the audit for Lido Finance and anticipate further collaboration in the future.
