wstETH on Avalanche and BNB and Ownership Acceptance by Lido DAO

Hi all, I have some concerns with this proposal.

1. I’m confused: “wstETH is now an OFT” is being marketed like it’s official, but the LidoDAO hasn’t voted yet??

There appears to have been a coordinated marketing effort between Avalanche, BNB, and LayerZero, with a series of Twitter posts and slick videos implying that LidoDAO has already officially accepted the OFT standard. How is this possible when this is just a proposal?

Given the serious security concerns (discussed below), I think it’s dangerous to market this as a done deal without a proper discussion in these forums. The DAO shouldn’t feel pressured to support a proposal based on a marketing campaign.

2. The OFT standard is a “mint-and-burn” standard, which means there is some risk of an exploit leading to the unauthorized, and potentially unlimited, minting of wstETH.

As the proposal states, token “balances are directly modified via messages transmitted from the source to the destination chain”. This means that if this messaging layer is ever corrupted, there is the possibility of an unlimited mint of wstETH. LayerZero appropriately allows Lido to select the bridging security method used; however, with any method chosen, there is still some risk. Given how critically important stETH is to Ethereum as a whole, I think this risk—however small—needs to be properly discussed within this community.

To spell out the absolute worst-case scenario, imagine that the messaging layer for this OFT standard is corrupted and unlimited wstETH are minted. Confusion and concern about this exploit could easily cause heavy selling and withdrawals on Ethereum itself, leading stETH to depeg. This would be very bad and very scary. Before this standard is adopted by the DAO, I believe these concerns should be fully and properly debated.

3. There are other “mint-and-burn” standards that could be considered.

If LidoDAO does decide that the risks of a mint-and-burn bridge are worth the benefits, there are other alternatives to LayerZero’s OFT standard that may be worth exploring. Specifically, there is a standard called xERC20 that may be worth considering. I am not an expert on the details of this standard, but I believe that it does allow for the use of the chain’s native messaging bridge when it exists (something that the OFT standard does not). For example, since Scroll has a canonical/trust-minimized messaging bridge between itself and Ethereum, the xERC20 standard would be able to use this trust-minimized bridge for mint-and-burn messages. This may address some of the concerns raised regarding Scroll security in other posts above.

Perhaps the DAO should issue an RFP requesting proposals to bring wstETH to Avalanche/BNB/Scroll and invite a proper debate on the pros and cons between various approaches before picking a solution?