LIP-5: Mitigations for deposit front-running vulnerability

We have developed a mitigation for the deposit front-running vulnerability and are running it in testnet right now. The details are here.

The gist of it is that every deposit on the beacon chain will only allowed to go through if the correct state of deposits had been attested by the security committee. It has minimal impact on the day-to-day operations of the protocol or the DAO, and is capital efficient, as it doesn’t require additional pre-deposits from validators. For a first member set of the committee, we propose Stakefish, Skillz, Chorus One, Blockscape, Staking facilities, P2P, and the Lido dev team. They’ve got skills and capacity to operate the daemon and are among the most staked Lido node operators, which means that for the moment they have all incentives to keep it secure and operational. Later the committee should be expanded.

We’re going through a number of security reviews, but full audits on the feature will not be available for a few weeks at least. The changes to the core protocol contracts are kept to be minimal, the code is well-tested. I’m personally feeling quite safe at upgrading after we get the reviews but that’s something the DAO should discuss thoroughly.

We’ve got over 30 thousand ether sitting in deposit buffer temporarily blocked, which while being less than 3% of total protocol holdings still urge us to deposit them as soon as it’s safe.