Hi Gregory! Thanks so much for the quick response. Your perspective is very helpful in establishing the context for security needs at Lido.
We acknowledge the time and effort required to prepare for an infrastructure security audit, but considering the acceleration in the frequency and magnitude of off-chain attacks, we believe it’s well worth the effort. We would be happy to provide our input and assistance in helping Lido take the necessary steps to get ready.
We believe our proposal is particularly apropos considering the InfStones vulnerability disclosure that was just recently posted in Izzy’s thread. This is a great illustration of the value of regular pen testing. Our off-chain team would have caught this vulnerability with a simple port scanning process that we execute as part of our annual infrastructure auditing. Proactive identification of vulnerabilities, particularly off-chain ones, can help ensure the Lido ecosystem remains as safe and secure as possible.
Halborn