From the very start of Lido, external audits used to be one of the cornerstone quality standards for the code used in Lido products, specifically for the on-chain code. With Lido’s growing success, audit reports have eventually become an integral attribute of any significant Lido release.
However, until now there was no clear and public process around planning audits for major protocol upgrades. This results in messed-up timelines, release delays, and hectic operations around finding audit slots, posting finalized audit reports, and funding the related expenses.
Proposal to form Audits Committee
We propose forming the Lido on Ethereum Audits Committee aimed at reducing the operational load of the dev team, optimizing audit pipelines, communicating with auditors and the DAO on related topics, and also increasing awareness of Lido security standards within the community.
The main goals of the Audits Committee would be:
Secure at least two finalized audits for each significant release.
The most critical (e.g. Withdrawals-related) projects should have 3 audits on them. Rotating auditors from the partner pool and the previously not engaged ones should be considered a good practice. Not having a 2nd public audit report for a major project should be a blocker for release.
Besides the audit slots for the scheduled releases, have the ability to secure mid-sized audit slots on-demand. Consider a retainer from a reliable partner.
Figure out and maintain a sustainable workflow to secure formal verification for critical Lido protocol parts.
Communicate with auditor service providers, and establish long-term relationships with reliable parties.
Secure funding from the DAO, and budget audit-related expenses based on current demand.
Keep the community posted about the important audits secured, in order to increase the community awareness of Lido’s security standards.
Maintain public docs hub page/website page with all the completed audits.
Perform internal housekeeping of audit slots, their occupation, and scheduling.
Proposed Committee composition
We propose including core contributors familiar with Lido roadmaps and short-term timelines in the Audits Committee:
Lido is open to partnership with any existing audit service providers including community contest-based solutions.
We encourage entities to approach the Lido on Ethereum Audits Committee to discuss partnership opportunities and find the best ways to keep Lido secure. Please email us at [email protected] – we will be happy to chat!
The demand for high-quality audits in Lido is quite significant, as the security of the protocol is a must. The proposal communicates the workgroup and an entry point for audits, as well as notes the current focus on the Ethereum Lido protocol.
We are decurity.io — a team of 20 that does full-stack web3 security audits. Our customers include Yearn, 1inch, Symbiosis, and others. We are members of the team who won 2nd place worldwide during the Paradigm CTF contest among security auditing teams.
We’ll be happy to contribute to Lido’s security in different ways: manual smart contract audit, penetration testing, DevSecOps pipeline integration, transaction security monitoring.
Our main points of contact:
Email: [email protected]
Telegram: @beched (Omar Ganiev, CEO), @theRaz0r (Arseniy Reutov, CTO).
Would love to introduce you to Omniscia. We do audits, pen tests, tokenomics analysis and due diligence.
We have audited close to 250 projects like L’Oreal, Euler, Morpho, DappRadar, Tokemak, AvaLabs, Matic, LimitBreak, OlympusDAO since 2021.
Our reports are web-based and include aggressive gas-saving recommendations.
We have a clean track record (not on the rekt leaderboard).
Static analysis represents < 10% of the work we will conduct on your contracts. The bulk of the audit consists of having extremely senior security engineers manually review your contracts.
It’s a pleasure to introduce Supremacy to the community.
Supremacy is a leading blockchain security agency, composed of industry hackers and academic researchers, providing clients with a one-stop security solution for the whole life cycle with our technology precipitation and innovative research. Our partners include Curve[.]fi, Scroll and others.
We have launched a powerful transaction explorer: Cruise is Supremacy’s Transaction Explorer designed for the Web3.0 ecosystem; it currently supports 10+ EVM chains. In this field, its blockchain support far exceeds that of similar competitors.
In addition, we also launched the world’s first Vyperlang-based war game: VyperPunk, which has helped a large number of Vyperlang community members learn about security and has been well received by the contributors.
We are pleased to provide security support to the Lido community, including: Security Advisor, Security Auditing, Threat Intelligence, Situational Awareness, Threat Interdiction, Emergency Response and On-chain Tracking.
The community can link to us through the following ways:
We are Aria and would love to form a partnership where we can prove our value in smart contract auditing. Our highly experienced team, enriched by years of expertise in elite units at the IDF, possesses extensive knowledge in web3, cybersecurity, and vulnerability research.
We can help with:
Manual smart contract audit
Share our proprietary fuzzing technology with your teams
Our team at Aria has successfully discovered critical bug bounties at Immunefi, conducted private audits with Coinmama and Secret and identified vulnerabilities in Code4rena for several projects.
Thank you for coming by! Right now we are covered, but there’s a good chance we will be willing to partner later in the year (probably in 1-2 months from now).
Hey @GrStepanov and Lido team!
We are KALOS - Making Web3 Space Safer for Everyone.
KALOS is a flagship service of HAECHI LABS, providing blockchain wallets and security audits since 2018. Over the course of the last 5 years, we have secured nearly $60B crypto assets on over 400 projects.
We bring together the best experts to make the web3 space safer for everyone. Our team consists of security researchers with various expertise - smart contract, blockchain, cryptography, web security, reverse engineering, and binary analysis. Their skills have led to multiple strong performances in reputable CTFs over the past few years.
We will be happy to provide a high quality audit and contribute to Lido’s security. Further information (our team, tech blog, etc.) can be found on our website below - feel free to connect via email.