InfStones, a node operator for Lido Finance, has responded to a significant security vulnerability uncovered by security researchers at dWallet Labs. The team plans to temporarily exit its Ethereum validators from the liquid staking protocol and rotate their keys. The vulnerability, which is associated with the open-source web-based log viewer Tailon, was reported to InfStones in July 2023 and has since been resolved.
How Did the Process Begin?
Lido, the largest liquid staking protocol in the Ethereum ecosystem, oversees more than 9.23 million ETH in staked assets, worth over $19 billion at current prices. The protocol lets users deposit ETH into its staking contracts and take part in network staking without running a validator themselves; in return they receive a derivative token representing their deposited funds. A set of node operators is responsible for running the ETH validator nodes on the protocol's behalf, and each operator supplies the infrastructure and servers those validators run on.
Lido Finance stated that the vulnerability affected 25 InfStones validator servers and could have allowed unauthorized access to them. It added, however, that there is no evidence of data leakage or of the issue having been exploited:
“To clarify, there is currently no evidence of data leakage or compromise, and the security vulnerability may not affect Lido protocol validators.”
Notable Details in the Report
In its report, dWallet Labs highlighted that the vulnerability could potentially have led to a compromise affecting the ETH staked through InfStones' nodes on Lido. It therefore proposed rotating the validator keys on all potentially affected nodes as the remediation.
InfStones stated that the issue reported by dWallet Labs affected only a small portion of its infrastructure, less than 0.1% of its systems, and that the exposure was confined to a specific network port used by Tailon. This clarification indicated that only a limited number of validator nodes were affected:
“The servers detected in production constitute less than 0.1% of the live nodes we have deployed to date. We have identified that incoming traffic through connection port number 55555 for Tailon could mimic observer privileges and access some of the development and test data.”