43 Findings

| ID | Severity | Status | Title |
|---|---|---|---|
| 2.1.1 | MAJOR | ACKNOWLEDGED | Missing validation for _withdrawalCredentials in StakingRouter |
| 2.1.2 | MAJOR | ACKNOWLEDGED | Missing _publicKeys and _signatures validation in NodeOperatorsRegistry |
| 2.1.3 | MAJOR | ACKNOWLEDGED | There is no check for equal constructor variables in DepositSecurityModule |
| 2.1.4 | MAJOR | ACKNOWLEDGED | checkAccountingOracleReport may revert in case of skipped frames in OracleReportSanityChecker |
| 2.1.5 | MAJOR | ACKNOWLEDGED | Missing validation in StakingRouter |
| 2.1.6 | MAJOR | ACKNOWLEDGED | Lack of validation of _stakingModuleAddress in StakingRouter |
| 2.1.7 | MAJOR | ACKNOWLEDGED | REQUEST_BURN_SHARES_ROLE can withdraw stETH for burning at any time in Burner |
| 2.2.1 | WARNING | ACKNOWLEDGED | Possibility of overflow in Burner |
| 2.2.2 | WARNING | ACKNOWLEDGED | Allowance cannot be reset in Lido |
| 2.2.3 | WARNING | ACKNOWLEDGED | Interface support in LidoLocator |
| 2.2.4 | WARNING | ACKNOWLEDGED | All balance is used for rewards in LidoExecutionLayerRewardsVault |
| 2.2.5 | WARNING | NO ISSUE | All balance is used for withdrawals in WithdrawalVault |
| 2.2.6 | WARNING | ACKNOWLEDGED | Missing validations in unsafeChangeDepositedValidators in Lido |
| 2.2.7 | WARNING | ACKNOWLEDGED | Members of the deposit committee can collude with node operators in DepositSecurityModule |
| 2.2.8 | WARNING | ACKNOWLEDGED | Missing sanity check that _stETH is a stETH contract in Burner |
| 2.2.9 | WARNING | ACKNOWLEDGED | Missing validation for duplication of staking module names in StakingRouter |
| 2.2.10 | WARNING | ACKNOWLEDGED | Missing logic for updating staking module name in StakingRouter |
| 2.2.11 | WARNING | ACKNOWLEDGED | Missing validation for treasuryFee and stakingModuleFee in StakingRouter |
| 2.2.12 | WARNING | ACKNOWLEDGED | Missing error handling logic when calling stakingModule in StakingRouter |
| 2.2.13 | WARNING | ACKNOWLEDGED | Try catch can revert in StakingRouter |
| 2.2.14 | WARNING | ACKNOWLEDGED | Underflow validation in Packed64x4 |
| 2.2.15 | WARNING | ACKNOWLEDGED | Total targetShare can be higher than 100% in StakingRouter |
| 2.2.16 | WARNING | ACKNOWLEDGED | Missing remove module logic in StakingRouter |
| 2.2.17 | WARNING | ACKNOWLEDGED | Number of staking modules cannot be changed in StakingRouter |
| 2.3.1 | INFO | ACKNOWLEDGED | MANAGE_NODE_OPERATOR_ROLE is overpowered in NodeOperatorsRegistry |
| 2.3.2 | INFO | NO ISSUE | Guardians are not stored in sorted array in DepositSecurityModule |
| 2.3.3 | INFO | FIXED | require should be removed in Burner |
| 2.3.4 | INFO | FIXED | key can be updated with the same value in OracleDaemonConfig |
| 2.3.5 | INFO | ACKNOWLEDGED | Int type initialization to zero is redundant |
| 2.3.6 | INFO | ACKNOWLEDGED | STAKING_MODULE_INDICES_MAPPING logic is redundant in StakingRouter |
| 2.3.7 | INFO | FIXED | Unclear use of the moduleAddr variable in StakingRouter |
| 2.3.8 | INFO | FIXED | Typos in contracts |
| 2.3.9 | INFO | ACKNOWLEDGED | Out-of-gas validation in StakingRouter |
| 2.3.10 | INFO | ACKNOWLEDGED | No logic for manual reward distribution in StakingRouter |
| 2.3.11 | INFO | ACKNOWLEDGED | Missing on-chain validation in the function requestWithdrawals in WithdrawalQueue during the bunker mode |
| 2.3.12 | INFO | ACKNOWLEDGED | Frontrun deposit_root for pausing deposits in DepositSecurityModule |
| 2.3.13 | INFO | ACKNOWLEDGED | Mass slashing of non-Lido validators increases the potential damage from malicious behavior of Lido node operators |
| 2.3.14 | INFO | ACKNOWLEDGED | Large deposits and withdrawals during the limiter-capped rebases in OracleReportSanityChecker |
| 2.3.15 | INFO | ACKNOWLEDGED | "Memory Array Creation Overflow" compiler bug |
| 2.3.16 | INFO | ACKNOWLEDGED | ECDSA signature malleability in the OpenZeppelin library in EIP712StETH |
| 2.3.17 | INFO | ACKNOWLEDGED | Explicit cast to address in StakingRouter |
| 2.3.18 | INFO | ACKNOWLEDGED | UINT64_MAX explicitly declared in NodeOperatorsRegistry |
| 2.3.19 | INFO | ACKNOWLEDGED | Link does not exist in StETH |