Just wanted to update the community with my personal view point on this thus far:
In general, I lean towards the “allow InfStones to resume” option, but also understand and consider both other options choices that can be well argued for. That said, if I were to vote right now, I would probably vote for the “hold for further information” option with an aim to re-consider this in mid-January.
The reasoning for my position is the following:
Despite the late disclosure, which should clearly not be repeated again, the response following the raising of the issue upon contributors learning of the disclosure was appropriate, rapid, and professional. In terms of response, I believe that it’s better to err on the side of understanding in these cases, as outright punitive action would generally make node operators more reluctant to be forth-coming and then take appropriate action if something is identified “late”. This should serve as a useful lesson to the NO set that appropriate, timely disclosure is of paramount importance in these cases (and that the DAO needs to work towards making those expectations clear).
InfStones has proposed to proceed with a probationary period of slow-paced key submission, and the implication that failing of the probation expectations would constitute an exitable offense (from the operator set), which I think speaks to their confidence that the remediation activities have been sufficient.
The measures taken to remedy the identified platform deficiencies (as described by InfStones) seem appropriate, but without a way to verify their correct implementation (e.g. a 3rd party review, as is intended as part of the pentest), it’s difficult to assess whether they have been sufficient to mitigate the vulnerability or not.
The InfStones SOC 2 report was shared with some DAO contributors, and while the general conclusions are satisfactory there are some open questions and the report itself is (by the nature of the scope of work) not meant to provide insights into the specific vulnerability relevant details about the remediation of infra and processes around it.
There has not been the opportunity / time to review detailed evidence regarding remediation (which is reasonable given that this evidence is probably very sensitive and difficult to share).
First, we want to thank you all for the support you have shown us for the vote that took place in December 2023. Based on the feedback we have gathered and the result from that vote, we are pleased to announce that we have completed a comprehensive penetration test conducted by a reputable third-party security firm. This test aimed to address and verify that vulnerabilities within our systems, as discussed here, have been dealt with.
As always, we remain committed to transparency and open communication. Should you have any questions or concerns regarding our security practices, please do not hesitate to discuss them with us.
InfStones have provided the results of the pen-test with the third party information security consultant (https://carbidesecure.com/) (see above), specifically targeting the issues identified in the original infrastructure vulnerability disclosure, and that the detailed report was also provided to DAO contributors who requested access, as well as the aforementioned SOC 2 Type I report. Follow-up questions were submitted by contributors and responses were received. Currently, contributors feel that there is no reason to believe that the relevant infrastructure vulnerabilities are still present, nor that any other known vulnerabilities have not been adequately remediated and/or resolved.
Hi Friends, we are thrilled to see that the Snapshot vote has passed for us to resume as a Lido Operatpr! Thank you all for your support! Special thanks to the NOM and Governance teams for their patience with us throughout. Their guidance and assistance are invaluable for us to achieve the goal.
As the next step, we plan to follow the plan below:
setup on Holesky ASAP with a minimum of 1000 validators.
Once validators are deposited to on Holesky, we will set up ejector infrastructure to test exits.
Once all has been verified as OK on Holesky, we will proceed to the mainnet steps below:
Submitting 100 validator keys on mainnet and running those validators to verify attestation and block proposals are running normally. Plus make sure the ejector is set up correctly by verifying the config and logs with the NOM team
After Step 3 is completed, we will resume managing our validators on the mainnet using our normal practice.
We would like to provide a quick update on the current progress. As of 04-22-2024, we have launched 1000 Holesky testnet validators and tested testnet ejector with the NOM team.
We have been verified that both testnet validators and ejector are functioning correctly. Thus, we will proceed with step 3, which is:
submitting 100 validator keys on mainnet and running those validators to verify attestation and block proposals are running normally. Plus, make sure the ejector is set up correctly by verifying the config and logs with the NOM team
I will provide updates as we progress through the planned steps.
