The merge-ready Lido protocol upgrade has been implemented recently. While it has been extensively tested by Lido dev team & received the audit from MixBytes team prior to the deployment, the dev team continued looking for ways to get more eyes to review the codebase. Ensuring the protocol smart contracts have been audited by professionals with diverse perspectives allows to notice wide range of potential issues and safely fix them.
Lido dev team has contacted ChainSecurity audit firm and got the slot for the merge-ready protocol version. The audit scope covers the whole Lido protocol with the recent features and tweaks.
ChainSecurity is the established audit firm with wide experience with DeFi protocols in the Ethereum ecosystem. Among other projects, the team has been working with Compound, Maker & Kyber previously.
The quote for the audit scope is CHF 126,920 ($127,604 at the time of writing). We propose to use LEGO for funding the audit, and the grant of that size requires DAO approval. As the decision is binary, we’ll be looking into starting the snapshot vote shortly.
The snapshot is live and will be up till this Fri, June 17th: Snapshot
ChainSecurity is a great audit firm which has worked with large bedrock protocols in the Ethereum landscape. More audits are always good, and the chance to bring fresh eyes to our code as well as get ChainSecurity familiarized with our codebase for potential future audits (provided we can get similar team members on the engagement and the next audit isn’t in over a year from now ) would definitely be useful.
It looks great and promising.
I believe that core protocol codebase should have more audits to maintain sanity, completeness and safety in general. I hope that ChainSecurity might be interested to be the audit partner for Lido on the long-term basis if current proposal implemented successfully.
I strongly encourage the community to support this proposal because the security of smart contracts is critical. The more eyes that look at the code, the more likely we are to find some kind of problem.
Emilie from ChainSecurity here.
We are humbled by your kind words and thrilled to contribute to the security of Lido.
If Lido is satisfied with ChainSecurity’s services and wishes to continue the collaboration, we can gladly commit to recurring audits in 2023.
Looking forward to working together!
We are happy to announce that the audit has been conducted and finalized.
The report is published both on the ChainSecurity website, and in the Lido DAO audits repo: audits/ChainSecurity Code Assessment of the Lido Smart Contracts Report 08-22.pdf at main · lidofinance/audits · GitHub
There was provided a branch of
LOW-severity findings (9 points).
It was decided by devteam to not re-deploy the code and use the provided suggestions for the next meaningful Lido protocol upgrades.
Many thanks to the ChainSecurity team for their efforts and results!