Lido assures LDO, stETH tokens remain safe despite flaw in token contract
The “fake deposit” attack enables bad actors to execute a transfer where the requested value is larger than what the user actually owns.

Ethereum staking protocol Lido Finance has assured users that both Lido DAO (LDO) and staked-Ether (stETH) tokens remain safe despite hackers allegedly exploiting a known security flaw in LDO’s token contract.

Lido didn’t confirm any exploits, but it acknowledged that the security flaw was known and gave assurances that LDO and stETH funds remain safe, in response to a Sept. 10 post by blockchain security firm SlowMist.

SlowMist said LDO’s flawed token contract allows bad actors to facilitate “fake deposit” attacks on exchanges because the contract enables users to execute transactions even when they don’t have sufficient funds. This code deviates from the Ethereum Request for Comment 20 (ERC-20) token standard, according to SlowMist.

However, Lido Finance argued the flaw is built into all ERC-20 tokens — not just Lido’s LDO token:

This behaviour is expected and conf
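
An exchange-side deposit check for the “fake deposit” case described above, as an added example that is not from the article, SlowMist or Lido. It assumes the token call returns false instead of reverting when the balance is insufficient, so the transaction still reports success but emits no Transfer event; all addresses, receipts and function names are constructed for illustration.

```python
# Added example: constructed receipts, hypothetical names; no node or network needed.
# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 event topic.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
TRANSFER_SELECTOR = "a9059cbb"  # 4-byte selector of transfer(address,uint256)

TOKEN = "0x" + "11" * 20      # constructed token contract address
DEPOSIT = "0x" + "22" * 20    # constructed exchange deposit address
SENDER = "0x" + "33" * 20     # constructed sender address

def _topic_addr(topic):
    """Address stored in a 32-byte indexed topic (its last 20 bytes)."""
    return "0x" + topic[-40:].lower()

def naive_credit(tx, receipt):
    """Weak check: trust the calldata amount whenever the transaction succeeded."""
    data = tx["input"][2:]
    if receipt["status"] != 1 or tx["to"].lower() != TOKEN or data[:8] != TRANSFER_SELECTOR:
        return 0
    to = "0x" + data[8:72][-40:]
    return int(data[72:136], 16) if to == DEPOSIT else 0

def verified_credit(tx, receipt):
    """Credit only what Transfer logs emitted by the token contract actually record."""
    if receipt["status"] != 1:
        return 0
    total = 0
    for log in receipt["logs"]:
        topics = log["topics"]
        if (log["address"].lower() == TOKEN and len(topics) == 3
                and topics[0] == TRANSFER_TOPIC and _topic_addr(topics[2]) == DEPOSIT):
            total += int(log["data"], 16)
    return total

def _calldata(to, amount):
    """Build transfer(to, amount) calldata for the constructed transaction."""
    return "0x" + TRANSFER_SELECTOR + to[2:].rjust(64, "0") + format(amount, "064x")

def _log(frm, to, amount):
    """Build a constructed Transfer log as it would appear in a receipt."""
    return {"address": TOKEN, "topics": [TRANSFER_TOPIC, "0x" + frm[2:].rjust(64, "0"),
            "0x" + to[2:].rjust(64, "0")], "data": "0x" + format(amount, "064x")}

TX = {"to": TOKEN, "input": _calldata(DEPOSIT, 10**21)}
# Constructed receipts: the token call returned false (no log) vs. a real transfer.
FAKE = {"status": 1, "logs": []}
REAL = {"status": 1, "logs": [_log(SENDER, DEPOSIT, 10**21)]}
```

With these constructed receipts, `naive_credit(TX, FAKE)` credits the full calldata amount while `verified_credit(TX, FAKE)` credits nothing; both agree on `REAL`.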