Reimbursing validators after Manifold security incident

The Manifold team deeply regrets October’s security incident (details here and here), as well as the poor communication that followed. We have calculated that Lido node operators missed out on 5.294 ETH of gas tips as a result of the incident and propose to send that amount to the execution level rewards vault in order to make them whole. We have completely patched the vulnerabilities that led to this incident, and as of last week we are once again accepting blocks permissionlessly from any builder.

Communication

As many in the Lido community witnessed, our communications on Twitter and other channels following the incident were highly unprofessional and damaged trust between our team and Lido, as well as the broader Ethereum community. This followed months of similarly unprofessional engagement from our Twitter account, often including kneejerk and insulting comments directed at respected members of the Ethereum ecosystem who were engaging with us in good faith. This behavior runs counter to the open and collaborative ethos of Ethereum and crypto more broadly, and we tremendously regret it.

Going forward, external communications and business development will be handled by myself, having been brought onto the team for this purpose three weeks ago. I personally have deep respect for the creativity, ingenuity, and optimism I see in the space every day, and am committed to making Manifold the kind of positive and collaborative participant the space deserves. The rest of the team (now over ten people) is in alignment on this vision.

As part of our commitment to positive engagement in the future, in one week I will be deleting all old hostile tweets from our official Twitter account, as these insults and attacks have no place in our project or in the ecosystem. I am announcing this in advance in order to be as transparent as possible.

I’d also like to invite any Lido community member to reach out to me here or on Telegram (@james4848) with thoughts or ideas on this or any other topic going forward. I hope that as we build a track record of productive, cooperative engagement we will regain the trust of the Lido community and the ecosystem more broadly.

Our Values

Our highest value has always been and remains censorship resistance. We believe that censorship at the relay level is an existential threat to Ethereum, and this is the primary reason we launched SecureRPC as a public good. We are more eager than ever to continue working with Lido to secure and strengthen Ethereum, and will strive to be as valuable and constructive a partner as we can be going forward.

9 Likes

We recalculated the numbers based on data from our monitoring. The total amount is 5.293605879341921000 ETH. The calculations are based on the difference of the fee_recipient balance for a particular block and the previous one. Thus, numbers are correct assuming the reimbursement is as per lost gas fees only.

4 Likes

James, thanks for the proposal! It doesn’t seem that there are any objections or questions from the community, and the amount was successfully recalculated. I agree that the amount should be sent to the Lido execution layer rewards vault (which can also be verified here: Deployed Contracts | Lido Docs).

To that end, I would suggest proceeding with disbursement at your convenience and letting the community know once that’s done.

1 Like

Why is the refund only for Lido validators? The non-Lido validators did not get reimbursed (I am one of them). The total loss for all validators is 7.47 ETH (Postmortem of incident on 2022-10-15 - HackMD). Should I send you the details?

We’ve just sent the ETH to the rewards vault.

@edrachir3 would you mind DMing me here or on Telegram? Much appreciated.

Thanks again to the Lido community for your patience as we sorted this out. Looking forward to the future. :pray:

5 Likes