The Lido Protocol operates in a dynamic ecosystem where various risks must be actively managed. Below is an outline of key known risks affecting stakers, node operators, and the Lido protocol, along with measures to mitigate them. While these risks are continuously monitored and reduced through decentralization, governance, and technical safeguards, it is important to note that new or currently unknown risks may emerge over time as the protocol and its surrounding ecosystem continue to evolve.
Slashing Risks
Validators can potentially face staking penalties. In very extreme cases of slashing (i.e., validator behavior seen as malicious by the rest of the network), up to 100% of staked funds could be at risk, but such scenarios would necessitate severe client software bugs, malicious takeover, or a compromise of multiple large node operators, leading to correlated slashing penalties. To minimize this risk, the Lido Protocol maintains a diverse validator set, with hundreds of participating node operators. The protocol's protections include:
- Decentralization: Each unique entity controls less than 1% of the Ethereum network's validators.
- Diversified Node Operators and setups: Hundreds of independent operators spread across the world employ heterogeneous client and infrastructure setups to reduce systemic risks.
- Ad hoc slashing fund: An ad hoc fund set aside by Lido DAO provides an additional safety net against severe slashing events. This fund, operated via a vault contract, holds around 6,600 stETH for potential coverage of severe losses. The use of the fund is subject to governance, requiring DAO discussions and approval before execution.
Oracle Data Manipulation Risks
The Lido Protocol relies on the Oracle Committee to report external data, including validator states and balances on the Consensus Layer. This data can affect the internal protocol rate of stETH to ETH through rebasing. In a worst-case scenario, a compromised majority of the Oracle Committee (i.e., five or more of the 9 members) could report incorrect balances, which could trigger significant negative rebases. Users should bear in mind risks related to stETH rebasing when entering into complex DeFi positions, such as leveraged staking or borrowing uncorrelated tokens (such as stables) against stETH positions.
Mitigation Measures:
- The Oracle software is open-sourced, and all material changes are audited by professional third-party security auditors before being used on the Ethereum mainnet.
- The Oracle Committee is made up of nine independent oracle operators.
- OracleReportSanityChecker: An in-protocol safety net that verifies incoming reports against abnormal changes, requiring governance intervention if anomalies are detected.
- Trustless data availability: Ongoing efforts to make Oracle-provided data verifiable on-chain using technologies like zero-knowledge proofs (ZK proofs).
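A minimal model of the two layers described above, as an added example that is not Lido's code: a report needs five matching submissions from the nine-member committee, and a quorum-backed report is still rejected when the reported balance drop exceeds a limit. The 5% limit, all names and the sample balances are assumptions for illustration; the checks the real OracleReportSanityChecker performs are not given on this page, and this sketch covers only balance decreases.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional

COMMITTEE_SIZE = 9   # from the page: nine independent oracle operators
QUORUM = 5           # from the page: five or more of the 9 form a majority
MAX_DROP_BP = 500    # ASSUMED limit in basis points (5%), not Lido's configured value

@dataclass(frozen=True)
class Report:
    ref_slot: int
    cl_balance: int  # total Consensus Layer balance claimed by the report

def quorum_report(submissions: Dict[str, Report]) -> Optional[Report]:
    """Return the report submitted by at least QUORUM members, else None."""
    if len(submissions) > COMMITTEE_SIZE:
        raise ValueError("more submissions than committee members")
    if not submissions:
        return None
    report, votes = Counter(submissions.values()).most_common(1)[0]
    return report if votes >= QUORUM else None

def sanity_check(prev_balance: int, report: Report) -> bool:
    """Accept increases; accept decreases only up to MAX_DROP_BP of prev_balance."""
    drop = prev_balance - report.cl_balance
    # Integer comparison avoids rounding a slightly oversized drop down to the limit.
    return drop <= 0 or drop * 10_000 <= MAX_DROP_BP * prev_balance

def process(prev_balance: int, submissions: Dict[str, Report]) -> str:
    report = quorum_report(submissions)
    if report is None:
        return "no-quorum"
    if not sanity_check(prev_balance, report):
        return "rejected-needs-governance"  # anomaly: report is not applied
    return "applied"

# Constructed sample data (not real protocol values).
PREV = 1_000_000
HONEST = Report(ref_slot=100, cl_balance=995_000)   # 0.5% decrease
FORGED = Report(ref_slot=100, cl_balance=600_000)   # 40% decrease

def committee(n_forged: int, n_honest: int) -> Dict[str, Report]:
    """Build a submission set with the given number of forged and honest members."""
    subs = {f"bad{i}": FORGED for i in range(n_forged)}
    subs.update({f"ok{i}": HONEST for i in range(n_honest)})
    return subs

if __name__ == "__main__":
    for forged, honest in [(0, 9), (4, 5), (5, 4), (4, 4)]:
        print(forged, "forged /", honest, "honest ->", process(PREV, committee(forged, honest)))
```

With five forged submissions the quorum alone accepts the forged report; only the bound on the balance change stops it from being applied.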
Governance Misalignment
Governance of the protocol is determined by LDO holders, while stETH holders are the users who stake through it. This creates a potential conflict: governance decisions could benefit LDO holders at the expense of stakers—for example, by drastically increasing protocol fees or misusing staked ETH.
Mitigation Measures:
- Two-phase voting: Every on-chain vote has a special period called the ‘objection phase’. This phase is a 48-hour time lock. This is the first line of defense, designed to enable LDO holders to respond to potential issues.
- Dual Governance empowers stETH and wstETH holders to safeguard their assets in the event of contentious or harmful governance decisions within the Lido protocol. If necessary, it enables holders to delay or block proposed changes until they have safely exited the protocol. For more details, check the 101 Explainer.
Implementation Risks: Bugs, misconfigurations, and hidden vulnerabilities
As with any software system, the protocol may be subject to hidden bugs, misconfigurations, and undiscovered vulnerabilities.
Mitigation Measures:
- Rigorous development processes: Adhering to strict development protocols for both on-chain and off-chain components.
- Specification drafting: Creating detailed documentation before implementation.
- Design principles: Emphasizing robust architecture and focusing on edge cases, and having emergency and failure modes covered at the spec level.
- Comprehensive testing: Including unit tests, integration tests, and testing in diverse environments.
- External audits: Engaging third-party security experts to review code.
- Fuzzing and formal verification: Using advanced techniques to uncover vulnerabilities.
- Pre-deployment and acceptance testing: Ensuring all contracts and off-chain software are initialized, functioning, and safeguarded as intended before going live.
- Bug Bounty Program: Engaging experts to identify and report vulnerabilities through rewards. Learn more.
Ethereum PoS Economy Risks
The Lido protocol relies on the design and economic principles of Ethereum's Consensus Layer. While the protocol continually adapts to changes from network upgrades and hard forks, there is a tail risk that fundamental changes to the Consensus Layer's economic principles — or even network deprecation — could impact the Lido protocol.
Mitigation Measures:
- Active participation: Engaging in Ethereum network roadmap discussions.
- Community involvement: Inviting the broader community to discuss potential impacts.
- Liquid staking advocacy: Raising concerns and questions that may affect liquid staking protocols, leveraging Lido protocol's position as a significant actor within the Ethereum ecosystem.
Token Price and Liquidity Risks
Users face the risk that the price of stTokens (like stETH) on secondary markets (e.g. DEXs and CEXs) may be lower than their inherent value in ETH due to supply and demand market dynamics. Although the in-protocol withdrawal mechanism usually means that secondary market exchange rates converge towards the in-protocol ETH:stETH rate, withdrawals are not instant (owing to the validator exit and withdrawal mechanisms of Ethereum's PoS implementation), so the difference between primary and secondary market rates tends to balance out over time rather than immediately.
Mitigation Measures:
- Transparency: The Lido DAO is committed to communicating these risks openly.
- Risk management: Ongoing efforts to minimize these risks through protocol improvements and community engagement.