
Lido Finance Addresses Security Concerns; Tokens Remain Uncompromised

Lido Finance refutes exploitation claims, commits to rectifying a security flaw in its LDO token contract.

Fri, 15 Sep 2023, 10:43 am UTC

Lido Finance, a well-regarded Ethereum staking protocol, recently addressed concerns raised about a security vulnerability in their LDO token contract. Despite the whispers of hacker exploitation, the company was quick to affirm that both their LDO and stETH tokens were not compromised.

The issue drew wider attention when SlowMist, a notable blockchain security firm, highlighted the flaw on September 10. According to its findings, the LDO token contract has an irregularity that allows users to transact even without the necessary funds, which could lead to "fake deposit" attacks on crypto exchanges.

SlowMist's investigation found that the contract can process a transfer for a higher value than the user actually holds: instead of rejecting the transaction, the call returns false. The security firm also indicated that the vulnerability might have been exploited recently, but it did not present any concrete on-chain evidence to validate this claim.

Further adding to the dialogue, an on-chain analyst known as “Hercules” mentioned on September 10 that many cryptocurrency exchanges might overlook this particular security oversight.

While acknowledging the issue, Lido Finance presented a counter-argument, stating that this particular vulnerability is inherent to all ERC-20 tokens, not exclusive to LDO. They also referred to the official Ethereum Improvement Proposal document, crafted partly by Ethereum's Vitalik Buterin in November 2015. The document emphasizes that functions like “transfer” and “transferFrom” should only return their transfer status and are advised to reject a transaction under rare scenarios.
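The integration-side check this implies, as an added example that is not code from Lido, SlowMist or TokenPost: a deposit is credited only from `Transfer` events emitted by the token contract itself, never from the transaction's success status alone. The addresses, the 18-decimal amounts and the receipt dictionaries (shaped like decoded JSON-RPC receipts with an integer `status`) are constructed assumptions.

```python
# Added example. All addresses and receipts below are constructed sample data.

# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 event topic
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

TOKEN = "0x" + "aa" * 20          # placeholder token contract address
DEPOSIT_ADDR = "0x" + "bb" * 20   # placeholder exchange deposit address
SENDER = "0x" + "cc" * 20         # placeholder depositor address

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def pad(addr):
    """Encode an address as a 32-byte event topic (used to build samples)."""
    return "0x" + "00" * 12 + addr[2:]

def credited_amount(receipt, token, deposit_addr):
    """Return the token amount to credit for this receipt, or 0.

    A transfer() that returned false emits no Transfer log, even though
    the transaction itself was mined with status 1 (success).
    """
    if receipt.get("status") != 1:
        return 0  # reverted transactions never credit
    total = 0
    for log in receipt.get("logs", []):
        topics = log.get("topics", [])
        if log.get("address", "").lower() != token.lower():
            continue  # event emitted by some other contract
        if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue  # not an ERC-20 Transfer event
        if topic_to_address(topics[2]) != deposit_addr.lower():
            continue  # recipient is not our deposit address
        total += int(log["data"], 16)
    return total

# Constructed receipt 1: a real transfer of 5 tokens.
REAL = {"status": 1, "logs": [{"address": TOKEN, "data": hex(5 * 10**18),
        "topics": [TRANSFER_TOPIC, pad(SENDER), pad(DEPOSIT_ADDR)]}]}
# Constructed receipt 2: transfer() returned false; mined, but no Transfer log.
FAKE = {"status": 1, "logs": []}
# Constructed receipt 3: a look-alike log emitted by a different contract.
SPOOF = {"status": 1, "logs": [{"address": SENDER, "data": hex(10**24),
         "topics": [TRANSFER_TOPIC, pad(SENDER), pad(DEPOSIT_ADDR)]}]}
```

Comparing the deposit address's token balance before and after the block gives a second, independent confirmation of the credited amount.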

In the wake of these discussions, Lido has signaled its commitment to its users' security and trust. They've indicated plans to soon revise the LDO token integration guides, ensuring a reinforced security posture.

TokenPost

<Copyright © TokenPost. All Rights Reserved. >
