Hi there, Gregory of the Lido Audits Committee here. Chiming in to add more color regarding the security assessment of this upgrade.
Considering audit options we found the risks imposed by this upgrade on the protocol participants and stakeholders to be fairly limited.
- In fact, the total amount of stETH held in the Anchor vault is currently under 2,800 stETH, and is not expected to increase since the integration isn’t live for a long time now.
- Besides, the contracts involved aren’t connected to the Core protocol, Oracle, and DAO contracts in any way, which isolates risks from other Lido assets.
- Additionally, the scope of the upgrades includes changes that we found to be somewhat trivial, while a full-fledged audit would require significant time, effort, and funds to add little security.
Based on the reasons above, it has been decided to only submit the code to our long-time partners at Statemind for external review – on top of already pretty robust internal Lido security standards.
I would like to thank @Misha_Statemind and the team for their exemplary performance (just as ever).