defirisk.co
rubric v1.7.0

Lido

Ethereum liquid staking protocol issuing rebasing stETH and wrapped wstETH; largest single DeFi protocol by TVL; governed by Aragon-based LDO DAO with Dual Governance stETH-holder veto overlay (live July 2025).

Sector lst
TVL $21.4B
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 11.6
Deployments Ethereum · $21.4B
01

Risk profile at a glance

0 red · 1 yellow · 12 green (13 categories; individual factors below carry their own flags, including one red factor, RD-F-089)
02

Categories & evidence

184 factors · 13 categories
Code & audits Green 9 25 of 25
RD-F-001 yellow Audit scope mismatch Core V2 contracts covered by audit commits (e57517730c / 2bce10d4f0). V3 stVaults deployed Jan-Mar 2026 with Certora FV dated 2026-01-10 and Consensys Diligence fix-review at commit 88ce9647. Diligence noted 'new vulnerabilities still being identified at end of audit' and recommended delayed production deployment. Broad but temporally compressed audit coverage on the V3 surface.
RD-F-003 yellow Resolved-without-proof findings Certora V3 (12-2025): 84 issues, 7 critical + 14 high, 70 fixed, 14 acknowledged. Consensys Diligence V3 fee-deferral high finding fixed in commit 88ce9647. Cannot confirm all 14 acknowledged items are below high severity without PDF access. Code4rena 2025-07: 0 high/medium.
RD-F-006 yellow Audit-to-deploy gap V2 core: ~30-40 days audit-to-deploy delta. V3: Diligence fix-review Nov 2025, Phase 1 deploy Jan 2026 (~60+ days). Certora V3 FV completed 2026-01-10, Phase 2 deploy 2026-01-29 (~19 days). The FV-to-deploy window for V3 Phase 2 is compressed.
RD-F-014 yellow Reentrancy guard on external-calling functions Lido.sol documents the checks-effects-interactions pattern ('firstly update the local state to prevent reentrancy') but has no explicit nonReentrant modifier (Aragon-era contracts predate the common OZ ReentrancyGuard). No high-severity reentrancy finding in any accessible audit summary for core contracts. V3 reentrancy posture not verified without a tool run.
RD-F-024 yellow Code complexity vs audit coverage V2 audit scope: ~5,000 nSLOC, 7 firms. V3: ~15,000 LoC, 7+ firms. Consensys Diligence noted 'high complexity' and 'new vulnerabilities still being identified at end of audit', an honest acknowledgment rather than a failure. Audit depth is exceptional relative to complexity, but V3 complexity is genuinely elevated.
RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts Permanent Immunefi program covers 29+ contracts. V3 bug bounty competition (closed Aug 2025) explicitly covered stVaults/VaultHub. Phase 2/3 stVaults deployed Jan-Mar 2026, after the competition closed. Cannot confirm all new V3 contracts are in permanent program scope without a complete address list. Ambiguity warrants yellow.
RD-F-010 gray Static-analyzer high-severity count No published Slither/Mythril/Semgrep output found. Extensive manual audit coverage (14 firms) functions as a superset. Code4rena 2025-07: 0 high/medium on 30 contracts. Raw tool findings cannot be enumerated without a tool run.
RD-F-016 gray Divide-before-multiply pattern No published Slither output available for programmatic detection. Manual audit coverage by 14 firms covers this ground. Needs tool run for programmatic verification.
RD-F-002 green Audit recency Most recent audit covering V3 code: Certora V3 stVaults FV dated 2026-01-13; MixBytes 03-2026; Composable Security Oracle V7.1 03-2026. As of 2026-04-28, ~75 days since most recent audit. Continuous multi-firm audit cadence maintained since 2020.
RD-F-004 green Audit count 14 distinct audit firms across protocol lifetime: Sigma Prime, Quantstamp, MixBytes, Oxorio, ChainSecurity, Statemind, Hexens, Certora, Pessimistic, Ackee Blockchain, OpenZeppelin, Runtime Verification, Composable Security, Consensys Diligence. 7 firms on V3 alone. Exceptional audit depth.
RD-F-005 green Audit firm tier Tier-1 firms: Certora, OpenZeppelin, Consensys Diligence, ChainSecurity. Tier-1/2: Sigma Prime, Runtime Verification, Ackee Blockchain, Statemind, MixBytes. All firm tiers represented. No unknown or unranked firms.
RD-F-007 green Bug bounty presence & max payout Active Immunefi program, $2,000,000 maximum payout for critical smart-contract bugs (10% of affected funds, min $50K). 29+ contracts in scope. V3 bug bounty competition (July-August 2025) covered stVaults, VaultHub with $200K bonus pool.
RD-F-008 green Ignored bounty disclosure No evidence of ignored bug bounty disclosure in any post-mortem. All 4 documented incidents (2023-2024) were node operator operational failures, not protocol-level exploits. No REKT listing. rekt.incidents: [] per data-cache.
RD-F-009 green Formal verification coverage Certora FV: Lido V2 (2023-04), Dual Governance (2025-02 + re-audit), V3 stVaults (2026-01-10), V3 Oracle (2026-01-10). Runtime Verification Dual Governance FV (2025-02). Verified invariants include escrow solvency, proportional share withdrawal, UnstETH locker exact-value withdrawal. Partial but high-quality FV coverage on critical paths.
RD-F-011 green SELFDESTRUCT reachable from non-admin path Source inspection of Lido.sol (0.4.24), VaultHub.sol and StakingVault.sol (0.8.25): no selfdestruct usage found. OssifiableProxy pattern does not include selfdestruct. No audit finding mentioning selfdestruct in accessible summaries.
RD-F-012 green delegatecall with user-controlled target No delegatecall with user-controlled target found in Lido.sol, VaultHub.sol, or StakingVault.sol source inspection. OssifiableProxy uses delegatecall only to admin-set implementation. Aragon AppProxyUpgradeable delegates to Aragon-governed implementation.
RD-F-013 green Arbitrary call with user-controlled target External calls in Lido.sol use locator-resolved trusted contract addresses (stakingRouter.deposit() etc.), not user-controlled targets. No arbitrary call(target, data) pattern found in source inspection or audit summaries for core contracts.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard stETH and wstETH are ERC-20. Withdrawal Queue is ERC-721. No ERC-777 integration. ERC-721 hooks in Withdrawal Queue audited by Certora, Hexens, Statemind. No hook-reentrancy finding in accessible summaries.
RD-F-017 green Mixed-decimals math without explicit scaling stETH and wstETH both 18 decimals; oracle reporting in Gwei precision (consistent with Beacon Chain). No mixed-decimals issue found in any audit summary. Statemind, MixBytes, Certora audited math logic.
RD-F-018 green Signed/unsigned arithmetic confusion Lido.sol (0.4.24) uses SafeMath library for arithmetic. Solidity 0.8.x contracts have built-in overflow protection. No signed/unsigned confusion finding in any audit summary for core contracts.
RD-F-019 green ecrecover zero-address return unchecked stETH uses EIP-712 permit via StETHPermit; OZ 3.4.0 ECDSA library includes ecrecover zero-return check. No ecrecover zero-return bypass finding in any audit summary for Lido core contracts.
RD-F-020 green EIP-712 domain separator missing chainId stETH EIP-712 domain separator verified by Sigma Prime, ChainSecurity, and Certora in V2 audits. V3 contracts on OZ 5.2.0 use standard EIP-712 with chainId. No missing-chainId finding in any accessible audit summary.
RD-F-021 green UUPS _authorizeUpgrade correctly permissioned Lido uses OssifiableProxy (not UUPS) for V2/V3 contracts. UUPSUpgradeable vulnerability (GHSA-5vp3-v4hc-gx76) only affects OZ 4.1.0-4.3.2; Lido V3 uses OZ 5.2.0 (unaffected), legacy uses Aragon proxy (unaffected). OssifiableProxy has proxy__upgradeTo() controlled by admin-only.
RD-F-022 green Public initialize() without initializer modifier Lido.sol (0.4.24): initialize() uses Aragon onlyInit modifier (equivalent to OZ initializer). VaultHub (0.8.25): initialize() has OZ initializer modifier, constructor calls _disableInitializers(). StakingVault (0.8.25): initialize() has OZ initializer modifier, constructor calls _disableInitializers(). All implementations properly guarded against unprotected re-initialization.
RD-F-023 green Constructor calls _disableInitializers() VaultHub constructor (line 314): calls _disableInitializers(). StakingVault constructor: calls _disableInitializers(). Legacy Lido.sol uses Aragon onlyInit pattern (functionally equivalent). OssifiableProxy is the proxy itself, not the implementation.
Governance & admin Green 8 24 of 24
RD-F-033 yellow Timelock on sensitive actions Upgrades and oracle changes are timelocked. GateSeal pause (3/6 multisig) is timelock-exempt for emergency pause (14-day cap, no drain vector). LDO mint via governance is timelocked. Not all actions are timelocked.
RD-F-039 yellow delegatecall/call in proposal execution without allowlist Aragon CallsScript executor uses call() (not delegatecall). It uses a blacklist rather than a positive allowlist, so any non-blacklisted address can be targeted by a passed proposal. No delegatecall vector. A practical attack requires 5% quorum + 50% support + 5-day vote + 4-day timelock + the Dual Governance opposition window.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock GateSeal Committee (3/6) can pause Withdrawal Queue, Validators Exit Bus and VaultHub immediately without timelock, limited to a 14-day cap. Not a fund drain vector (pause prevents operations but does not extract funds). No emergencyWithdraw/rescue() found on core stETH. Unpausing requires DAO vote + timelock.
RD-F-042 yellow Admin has mint() with unlimited max LDO MiniMeToken has generateTokens() with no hard supply cap. Controller = Aragon Agent (DAO-governed and timelocked since July 2025). A practical mint requires the full DAO governance process. stETH minting is demand-driven, not admin-callable.
RD-F-047 yellow Governance token concentration (Gini) 63,361 LDO holders; only 6 delegates hold >1M LDO each per the Lido scorecard. High concentration is typical for governance tokens at this scale. 5% quorum = 50M LDO of 1B total supply. Gini not precisely computed.
RD-F-029 gray Multisig signers co-hosted Signer co-hosting not assessable via WebFetch. Emergency committee signers span Certora, MixBytes, Ackee, SEAL and Lido DAO tech; diverse org affiliations suggest distributed custody, but ASN/custodian analysis was not performed.
RD-F-030 gray Hot-wallet signer flag Hot-wallet heuristic not assessable within budget. Admin path is the Aragon Agent (a contract), not a personal EOA. Committee signer wallet behavior pattern analysis not conducted.
RD-F-044 gray Admin wallet interacts with flagged addresses Admin paths route through the Aragon Agent (a contract). No single admin EOA whose wallet interactions can be assessed. Chainalysis-style feed not available.
RD-F-025 green Admin key custody type Full DAO + timelock custody type. Aragon LDO voting → EmergencyProtectedTimelock (3-day min) → AdminExecutor. No single EOA or low-threshold multisig controls protocol upgrades.
RD-F-026 green Upgrade multisig signer configuration (M/N) Upgrade control is full DAO governance (5% quorum + 50% support), not a threshold multisig. Committee multisigs are delegated operational scope: GateSeal 3/6, LEGO 4/8, Treasury 4/7, BORG 5/9, Emergency Activation 4/7, Emergency Execution 5/7.
RD-F-027 green Single admin EOA No single admin EOA. Deployer 0x55bc991b2edf3ddb4c520b222be4f378418ff0fa relinquished control at launch (December 2020). All admin routes through Aragon DAO + EmergencyProtectedTimelock.
RD-F-028 green Low-threshold multisig vs TVL All committee multisigs have appropriate thresholds relative to TVL ($21.4B): GateSeal 3/6 (emergency pause only, 14-day cap), LEGO 4/8 (grants only), Treasury 4/7, BORG 5/9, Emergency Activation 4/7, Emergency Execution 5/7. None control protocol upgrades directly.
RD-F-031 green Signer rotation recency No recent concerning signer-set changes. GateSeal last transaction 2024-04-23. No threshold reduction events analogous to Drift precursor pattern identified.
RD-F-032 green Timelock duration on upgrades EmergencyProtectedTimelock: MIN_EXECUTION_DELAY=259,200s (3 days), afterSubmitDelay=259,200s, afterScheduleDelay=86,400s. Total minimum: 4 days. Dual Governance can extend to 45+ days.
RD-F-034 green Guardian/pause-keeper distinct from upgrader GateSeal Committee (3/6 multisig) is the pause-keeper, distinct from the Aragon DAO which is the upgrader. Emergency committees (4/7 and 5/7) are additional distinct actors for DG emergency mode.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Upgrade role: DAO governance → AdminExecutor. Fee distribution: StakingRouter (DAO-controlled). Oracle: AccountingOracle/ValidatorsExitBusOracle committee (separate). Treasury: Aragon Agent. GateSeal: separate committee. Multiple roles are distinct.
RD-F-036 green Flash-loanable voting weight Aragon Voting App uses balanceOfAt(voter, snapshotBlock) at vote creation. LDO MiniMeToken has checkpoint support. Flash loans acquired after snapshot have zero voting power for in-progress votes. Explicitly confirmed flash-loan resistant by Lido contributors.
RD-F-037 green Quorum achievable via single-entity flash loan Snapshot block mechanism defeats flash loan vote manipulation. 5% quorum = 50M LDO of 1B total supply — not achievable via single flash loan. Double protection from historical snapshot + high quorum.
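RD-F-036 and RD-F-037 rest on one mechanism: voting weight is read from the token's checkpoint history at the vote's snapshot block, so tokens acquired afterwards carry no weight for that vote. The Python model below is an added example written for this page, not Lido's or Aragon's code. It implements MiniMe-style checkpointed balances with the same binary-search lookup shape as balanceOfAt(), an Aragon-style vote that reads weight at its snapshot block, and the page's 5% quorum and 50% support thresholds against a 1B supply; the addresses, balances and block numbers are constructed.

```python
from bisect import bisect_right
from collections import defaultdict

TOTAL_SUPPLY = 1_000_000_000  # 1B LDO, as used by the page's quorum arithmetic
QUORUM_PCT = 5                # 5% minimum acceptance quorum
SUPPORT_PCT = 50              # 50% support required


class CheckpointToken:
    """MiniMe-style token: each balance change appends a (block, balance)
    checkpoint for the holder; balance_of_at() binary-searches that history."""

    def __init__(self, total_supply):
        self.total_supply = total_supply
        self._blocks = defaultdict(list)   # holder -> [block, ...] ascending
        self._values = defaultdict(list)   # holder -> [balance after that block, ...]

    def balance_of_at(self, holder, block):
        i = bisect_right(self._blocks[holder], block)  # last checkpoint <= block
        return self._values[holder][i - 1] if i else 0

    def _set(self, holder, block, value):
        blocks, values = self._blocks[holder], self._values[holder]
        if blocks and blocks[-1] == block:
            values[-1] = value          # several changes in one block overwrite
        else:
            if blocks and blocks[-1] > block:
                raise ValueError("checkpoints must be appended in block order")
            blocks.append(block)
            values.append(value)

    def mint(self, holder, amount, block):
        self._set(holder, block, self.balance_of_at(holder, block) + amount)

    def transfer(self, src, dst, amount, block):
        src_bal = self.balance_of_at(src, block)
        if src_bal < amount:
            raise ValueError("insufficient balance")
        self._set(src, block, src_bal - amount)
        self._set(dst, block, self.balance_of_at(dst, block) + amount)


class Vote:
    """Aragon Voting-style vote: weight is balance_of_at(voter, snapshot_block),
    fixed when the vote is created, so later balance changes do not count."""

    def __init__(self, token, snapshot_block):
        self.token = token
        self.snapshot_block = snapshot_block
        self.yea = 0
        self.nay = 0
        self._voted = set()

    def cast(self, voter, supports):
        if voter in self._voted:
            raise ValueError("already voted")
        weight = self.token.balance_of_at(voter, self.snapshot_block)
        if weight == 0:
            raise ValueError("no voting power at snapshot block")
        self._voted.add(voter)
        if supports:
            self.yea += weight
        else:
            self.nay += weight
        return weight

    def passes(self):
        quorum_ok = self.yea * 100 >= self.token.total_supply * QUORUM_PCT
        total = self.yea + self.nay
        support_ok = total > 0 and self.yea * 100 > total * SUPPORT_PCT
        return quorum_ok and support_ok


def flash_loan_scenario():
    """Constructed scenario: a 200M LDO flash loan taken one block after the
    snapshot carries zero weight; two pre-existing delegates reach quorum."""
    token = CheckpointToken(TOTAL_SUPPLY)
    token.mint("pool", 200_000_000, block=100)         # lending pool liquidity
    token.mint("delegate_a", 30_000_000, block=100)
    token.mint("delegate_b", 25_000_000, block=100)
    vote = Vote(token, snapshot_block=200)               # vote created at block 200

    token.transfer("pool", "attacker", 200_000_000, block=201)   # flash-borrow
    attacker_weight = token.balance_of_at("attacker", vote.snapshot_block)
    try:
        vote.cast("attacker", True)
        attacker_voted = True
    except ValueError:
        attacker_voted = False
    token.transfer("attacker", "pool", 200_000_000, block=201)   # repay

    vote.cast("delegate_a", True)
    vote.cast("delegate_b", True)
    return {
        "attacker_weight": attacker_weight,
        "attacker_voted": attacker_voted,
        "yea": vote.yea,
        "quorum_needed": TOTAL_SUPPLY * QUORUM_PCT // 100,
        "passes": vote.passes(),
    }


if __name__ == "__main__":
    print(flash_loan_scenario())
```

The borrowed 200M LDO is four times the 50M quorum, yet it contributes nothing because the attacker's checkpoint history has no entry at or before block 200. The only way to buy weight is to hold the tokens before the snapshot, which turns a flash loan into a multi-day capital commitment exposed to the timelock and Dual Governance window described above.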
RD-F-038 green Proposal execution delay < 24h Minimum execution delay is 3+1=4 days through EmergencyProtectedTimelock. Not below 24h. Dual Governance can extend to 45+ days.
RD-F-040 green Emergency-veto multisig present GateSeal Committee (3/6) can pause contracts pre-execution. Emergency Activation (4/7) can block DG execution. Dual Governance stETH escrow gives all stETH holders proportional veto-extension power. Tiebreaker Core breaks deadlocks.
RD-F-043 green Admin = deployer EOA after 7 days Protocol live since December 2020 (>5 years). Deployer 0x55bc991b2edf3ddb4c520b222be4f378418ff0fa (Lido: Deployer 1) transferred control to Aragon DAO at launch. No deployer EOA retains admin rights in 2026.
RD-F-045 green Constructor args match governance proposal V3 deployed via DAO votes; deployed-mainnet.json in repo maps contracts. Certora fix review (03-2026) confirmed no discrepancy. Specific constructor-arg cross-referencing not performed within budget.
RD-F-046 green Contract unverified on Etherscan/Sourcify All core contracts verified on Etherscan: stETH proxy, implementation, Aragon Agent, EmergencyProtectedTimelock, Withdrawal Queue. ZKsync bridge was verified before pause. No unverified production contracts found.
RD-F-167 green Deprecated contract paused but pause reversible by live admin No officially deprecated contract surface with retained admin pause authority identified. stSOL (Solana) sunset has no retained Ethereum-side admin. No deprecated-but-pauseable contract found.
Oracle & external dependencies Yellow 20 17 of 17
RD-F-049 yellow Oracle role per asset AccountingOracle = primary for stETH rebase; ValidatorsExitBusOracle = primary for exit requests. No secondary or fallback oracle. If the committee fails quorum, rebase halts and exit processing stalls.
RD-F-051 yellow Fallback behavior on oracle failure No fallback oracle. If the oracle committee fails quorum, the stETH rebase halts for the frame. Docs explicitly state daemons may stop reporting during ETH consensus non-finality. No automatic secondary source or last-known-price fallback.
RD-F-052 yellow Breakage analysis per dependency Partial breakage analysis: oracle offline halts rebase; Beacon Chain non-finality halts oracle and exits; DAO capture enables malicious oracle committee changes. No formal published breakage-analysis documentation found.
RD-F-057 yellow Circuit breaker on price deviation No automated circuit breaker on oracle price deviation. GateSeal Committee (3-of-6) provides manual emergency pause for ValidatorsExitBusOracle and Withdrawal Queue, but this is not automatic.
RD-F-059 yellow Oracle staleness check present Frame-based deadline enforcement exists (StaleReport() reverts late submissions), but there is no consumer-side staleness rejection if reporting simply lags: the stETH rate just stops updating. No maxStaleness check on oracle output consumption.
RD-F-180 yellow Immutable oracle address [★ CRITICAL CANDIDATE — PD-017] Oracle address is stored in the upgradeable LidoLocator (0xC1d0b3DE6792Bf6b4b37EccdcC24e45978Cfd2Eb) governed by Lido DAO via EmergencyProtectedTimelock (3-day minimum delay). Not hardcoded immutable. A replacement path exists but requires a ~5-10 day governance cycle.
RD-F-054 n/a TWAP window duration Lido does not use any DEX TWAP oracle. N/A.
RD-F-055 n/a Oracle pool depth (USD) Lido does not use any DEX pool for pricing. N/A.
RD-F-056 n/a Single-pool oracle (no medianization) Lido uses a committee consensus oracle, not a DEX pool oracle. N/A.
RD-F-058 n/a Max-deviation threshold (bps) No circuit breaker configured (see F057). N/A.
RD-F-060 n/a Chainlink aggregator min/max bound misconfig Lido does not use Chainlink aggregators in its core protocol. N/A.
RD-F-061 n/a LP token balanceOf used for pricing Lido does not derive prices from LP token balances. The stETH/wstETH ratio is internal share accounting. N/A.
RD-F-181 n/a Permissionless-pool lending oracle Lido is not a lending protocol and does not accept spot prices from permissionlessly created DEX pools. N/A.
RD-F-048 green Oracle providers used Lido uses a proprietary 9-member committee-based oracle (AccountingOracle + HashConsensus, 5-of-9 quorum) as its sole oracle. No Chainlink, Pyth, Redstone, or DEX TWAP oracle in core protocol. Chainlink feeds in data-cache are third-party integrator feeds, not Lido's own.
RD-F-050 green Dependency graph (protocols depended upon) Core dependencies mapped: Ethereum Beacon Chain Deposit Contract (0x00000000219ab540356cBB839Cbe05303d7705Fa), Ethereum Consensus Layer finality, 9-member oracle committee, Aragon DAO + Dual Governance. No Aave/Uniswap protocol-level dependency in core stETH mechanics.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL] No DEX spot price oracle used anywhere in Lido core protocol. stETH/ETH rate is internal accounting (totalPooledEth/totalShares). No slot0(), getReserves(), or DEX pool read exists in core contracts.
RD-F-062 green External keeper/relayer not redundant Oracle committee has 9 independent members with 5-of-9 quorum (4-node fault tolerance). Deposit Security Module uses separate 4-of-6 guardian committee. No single-keeper dependency.
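RD-F-048, RD-F-051, RD-F-059 and RD-F-062 describe one mechanism: nine members submit a report hash for a frame, the report is accepted once five identical hashes exist, a submission after the frame deadline reverts, and nothing on the consuming side rejects a rate whose last report is old. The Python model below is an added example for this page, not Lido's HashConsensus or AccountingOracle code. The 9-member committee and 5-of-9 quorum come from the page; the 12-second slot, the 225-epoch (7200-slot) frame length and the frame/deadline layout are assumptions, and the member names and report hashes are constructed. The last method is the consumer-side maxStaleness check that RD-F-059 notes is absent.

```python
from collections import Counter
from dataclasses import dataclass, field

SECONDS_PER_SLOT = 12          # Ethereum slot time
SLOTS_PER_FRAME = 225 * 32     # assumed: one 225-epoch (~24h) reporting frame
MEMBERS = [f"member{i}" for i in range(9)]   # 9-member committee from the page
QUORUM = 5                                    # 5-of-9 quorum from the page
WEI = 10**18


class StaleReport(Exception):
    """Submission after the frame deadline (analogue of the StaleReport() revert)."""


class ConsensusNotReached(Exception):
    """Fewer than QUORUM members agree on the same report hash."""


@dataclass
class Frame:
    ref_slot: int                                    # slot the report describes
    deadline_slot: int                               # last slot a submission is accepted
    submissions: dict = field(default_factory=dict)  # member -> report hash

    def submit(self, member, report_hash, current_slot):
        if member not in MEMBERS:
            raise PermissionError(f"{member} is not a committee member")
        if current_slot > self.deadline_slot:
            raise StaleReport(f"slot {current_slot} past deadline {self.deadline_slot}")
        self.submissions[member] = report_hash       # a member may re-submit

    def consensus_hash(self):
        # quorum is on the hash: 5 identical hashes, not 5 submissions of anything
        if not self.submissions:
            raise ConsensusNotReached("no submissions")
        report_hash, votes = Counter(self.submissions.values()).most_common(1)[0]
        if votes < QUORUM:
            raise ConsensusNotReached(f"best hash has {votes}/{QUORUM} votes")
        return report_hash


def frame_for_slot(slot):
    """Frame covering `slot`: ref slot is the last slot of the previous frame,
    deadline is the end of the current one (assumed frame layout)."""
    start = (slot // SLOTS_PER_FRAME) * SLOTS_PER_FRAME
    return Frame(ref_slot=start - 1, deadline_slot=start + SLOTS_PER_FRAME - 1)


@dataclass
class StethRate:
    """stETH rate = totalPooledEth / totalShares, moved only by oracle reports."""
    total_pooled_eth: int
    total_shares: int
    last_report_slot: int

    def rate(self):
        # wei of ETH per 1e18 shares, like getPooledEthByShares(1e18); floors
        return self.total_pooled_eth * WEI // self.total_shares

    def apply_report(self, frame, reported_pooled_eth):
        frame.consensus_hash()          # raises unless 5-of-9 agree
        self.total_pooled_eth = reported_pooled_eth
        self.last_report_slot = frame.ref_slot

    def rate_with_staleness_check(self, current_slot, max_staleness_slots):
        """Consumer-side check the page notes Lido lacks: refuse to use a rate
        whose latest report is older than max_staleness_slots."""
        age = current_slot - self.last_report_slot
        if age > max_staleness_slots:
            raise StaleReport(f"latest report is {age} slots old (> {max_staleness_slots})")
        return self.rate()


def run_scenario():
    """Constructed frame: 4 members offline, 1 compromised member submitting a
    bogus hash, 1 late submission, then three frames with no report at all."""
    frame = frame_for_slot(SLOTS_PER_FRAME * 100 + 5)
    in_frame = frame.ref_slot + 10
    for m in MEMBERS[:4]:
        frame.submit(m, "0xaa", in_frame)
    try:
        frame.consensus_hash()
        four_enough = True
    except ConsensusNotReached:
        four_enough = False                      # 4 agreeing members are not a quorum
    frame.submit(MEMBERS[4], "0xaa", in_frame)   # fifth honest member -> quorum
    frame.submit(MEMBERS[5], "0xbb", in_frame)   # compromised key, outvoted
    consensus = frame.consensus_hash()
    try:
        frame.submit(MEMBERS[6], "0xaa", frame.deadline_slot + 1)
        late_rejected = False
    except StaleReport:
        late_rejected = True

    steth = StethRate(1000 * WEI, 950 * WEI, frame.ref_slot - SLOTS_PER_FRAME)
    steth.apply_report(frame, 1001 * WEI)        # rebase: +1 ETH of rewards
    later_slot = frame.ref_slot + 3 * SLOTS_PER_FRAME
    silent_rate = steth.rate()                   # no report since; still served
    try:
        steth.rate_with_staleness_check(later_slot, 2 * SLOTS_PER_FRAME)
        flagged = False
    except StaleReport:
        flagged = True
    return {
        "four_enough": four_enough,
        "consensus": consensus,
        "late_rejected": late_rejected,
        "rate_after_report": steth.rate(),
        "silent_rate_is_last_report": silent_rate == steth.rate(),
        "stale_rate_flagged": flagged,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The scenario is the Chorus One shape from RD-F-099: one compromised key submitting a different hash cannot move a 5-of-9 hash quorum, and four silent members still leave enough honest signers. It also shows the gap RD-F-059 flags: three frames without a report, rate() keeps returning the last accepted value with no error, and only a consumer that tracks the report's age and enforces a bound would notice.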
Economic risk Green 17 13 of 13
RD-F-064 yellow TVL concentration (top-10 wallet share) Asset concentration: 100% ETH by design. Chain concentration: 99.98% Ethereum mainnet. Depositor-address concentration not quantifiable from public sources (Dune 403, no public holder ranking). Structural reasoning supports low depositor concentration at $21B TVL with global stETH distribution, but downstream collateral concentration (wstETH is the 3rd-largest Aave collateral) is a material yellow signal.
RD-F-065 yellow Liquidity depth per major asset Curve stETH/ETH pool: ~480K ETH (~$960M–$1.2B) of secondary-market depth. stETH/ETH peg approximately 1:1 ± 0.2% as of April 2026. The on-chain withdrawal queue provides a 1:1 backstop at 1–5 day normal finality. Yellow because (1) the secondary market cannot absorb liquidation of stETH collateral at $10B+ scale and (2) a Dual Governance rage-quit can extend withdrawal finality to 12+ months in an extreme governance deadlock.
RD-F-066 n/a Utilization rate (lending protocols) N/A: Lido is not a lending protocol. No borrow/supply positions exist. data-cache confirms borrow.present: false, utilization_rate_pct: null.
RD-F-068 n/a Collateralization under stress N/A: Lido has no CDP or lending mechanic. stETH is backed 1:1 by ETH validators (minus slashing). No collateralization ratio applies.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin N/A: Lido does not issue a stablecoin. stETH is an LST backed 1:1 by ETH validators.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) N/A: Compound-fork-only per taxonomy §Category 4 PD-024 applicability note. Lido is an original LST protocol, not a Compound fork, and has no cToken-style markets. Critical ★ flag does not fire. LST economic mechanism integrity assessed under F065 (withdrawal queue) and F067 (slashing socialization); both pass.
RD-F-071 n/a Seed-deposit requirement for new market listing N/A: no market listing mechanism exists. Node operator onboarding (DAO vote) and CSM (permissionless with bond) are the closest analogues, but these are governance/operational items, not depositor-side market seeding.
RD-F-072 n/a Market-listing governance threshold N/A: no market listing mechanism in the Compound/Aave sense. Node operator additions are governance-gated (assessed under Cat 2).
RD-F-073 n/a Oracle-manipulation-proof borrow cap N/A: Lido has no borrow cap or lending oracle. data-cache confirms borrow.present: false. The Accounting Oracle reports Beacon Chain validator balances for the stETH rebase (not a lending price oracle). Oracle risk assessed in Cat 3.
RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) N/A: stETH is not an ERC-4626 vault and wstETH is a non-upgradeable wrapper. Share accounting is oracle-anchored to Beacon Chain state, not susceptible to ERC-4626 virtual-share inflation. OZ v3.4.0 used (predates the ERC-4626 implementation in OZ 4.x).
RD-F-075 n/a First-depositor / share-inflation guard N/A: LST architecture. The wstETH wrapping ratio is anchored by the AccountingOracle reporting Beacon Chain validator balances, not by token donations to a pool. The stETH pool has been continuously non-empty since December 18, 2020 (genesis), so no empty-pool first-depositor scenario is possible. The attack vector is absent by architecture.
RD-F-063 green TVL (current + 30d trend) $21.39B current TVL (DefiLlama, 2026-04-28). +17.29% over trailing 30 days. 12-month ATH ~$41.07B (August 2025). TVL is 100% ETH/majors — high quality, validator-backed 1:1. Lido is the largest DeFi protocol by TVL globally.
RD-F-067 green Historical bad-debt events Zero protocol-level bad debt events in 5+ years of operation. Four node operator incidents (2023–2024), two of them slashings, resulted in ~42 ETH of losses in total, trivially small relative to $21B TVL and socialized across all stETH holders as infinitesimal rebase reductions. No governance-level bad debt. No protocol-level exploit. Rekt incidents: 0.
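RD-F-053, RD-F-061, RD-F-067 and RD-F-075 all come down to the same accounting: the stETH/ETH rate is totalPooledEth divided by totalShares, a balance is a share count at that rate, only an oracle report moves totalPooledEth, and wstETH is just the share count held without rebasing. The Python model below is an added example written for this page, not Lido's contract code. It reproduces that share arithmetic with integer floor division (as Solidity would), then runs a constructed scenario: a 9,000,000 ETH pool plus a 32 ETH staker, one rewards report, a wrap into wstETH, and a 42 ETH slashing (the page's 2023-2024 total) so the reader can see how little of it lands on one holder. Holder names and the reward size are constructed.

```python
WEI = 10**18


class StethModel:
    """Share-based accounting as the page describes it: the stETH/ETH rate is
    totalPooledEth / totalShares and a balance is shares at that rate; only
    an oracle report moves totalPooledEth, and shares are never rebased."""

    def __init__(self):
        self.total_pooled_eth = 0
        self.total_shares = 0
        self.shares = {}

    def shares_by_pooled_eth(self, eth):
        if self.total_pooled_eth == 0:
            return eth                 # bootstrap: first deposit mints 1:1
        return eth * self.total_shares // self.total_pooled_eth

    def pooled_eth_by_shares(self, shares):
        if self.total_shares == 0:
            return 0
        return shares * self.total_pooled_eth // self.total_shares

    def submit(self, holder, eth):
        """Stake ETH: shares are minted at the current rate (demand-driven;
        there is no admin mint of stETH)."""
        minted = self.shares_by_pooled_eth(eth)
        self.total_pooled_eth += eth
        self.total_shares += minted
        self.shares[holder] = self.shares.get(holder, 0) + minted
        return minted

    def balance_of(self, holder):
        return self.pooled_eth_by_shares(self.shares.get(holder, 0))

    def oracle_report(self, reported_pooled_eth):
        """Rebase: the committee reports the Beacon Chain balance. Rewards
        raise it, a slashing lowers it; every holder moves by the same factor
        because no share count changes."""
        delta = reported_pooled_eth - self.total_pooled_eth
        self.total_pooled_eth = reported_pooled_eth
        return delta

    def wrap(self, holder, steth_amount):
        """wstETH: a fixed share count instead of a rebasing balance."""
        s = self.shares_by_pooled_eth(steth_amount)
        if s > self.shares.get(holder, 0):
            raise ValueError("insufficient stETH")
        self.shares[holder] -= s
        return s                       # wstETH amount == shares

    def unwrap(self, holder, wsteth_amount):
        self.shares[holder] = self.shares.get(holder, 0) + wsteth_amount
        return self.pooled_eth_by_shares(wsteth_amount)


def scenario():
    """Constructed pool: 9,000,000 ETH from other stakers, 32 ETH from alice,
    one +0.01% rewards report, half of alice's stETH wrapped, then a 42 ETH
    slashing (the page's 2023-2024 total) socialized across the pool."""
    m = StethModel()
    m.submit("others", 9_000_000 * WEI)
    alice_shares = m.submit("alice", 32 * WEI)
    m.oracle_report(m.total_pooled_eth + m.total_pooled_eth // 10_000)
    after_reward = m.balance_of("alice")
    wsteth = m.wrap("alice", after_reward // 2)
    m.oracle_report(m.total_pooled_eth - 42 * WEI)
    unwrapped = m.unwrap("alice", wsteth)
    after_slash = m.balance_of("alice")
    return {
        "alice_shares": alice_shares,
        "after_reward": after_reward,
        "wsteth": wsteth,
        "unwrapped": unwrapped,
        "after_slash": after_slash,
        "alice_loss_wei": after_reward - after_slash,
        "total_pooled_eth": m.total_pooled_eth,
        "total_shares": m.total_shares,
    }


if __name__ == "__main__":
    r = scenario()
    print(f"alice loss from a 42 ETH slashing: {r['alice_loss_wei'] / WEI:.6f} ETH")
```

Two things the page asserts fall out directly. totalShares never changes across reports, wraps and unwraps, so the rate cannot be pushed by anything except the reported Beacon Chain balance, which is why the ERC-4626 donation attack in RD-F-074/075 has nothing to act on. And the 42 ETH loss costs the 32 ETH staker about 0.00015 ETH, the "infinitesimal rebase reduction" of RD-F-067, because the loss is spread pro-rata over nine million ETH of shares.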
Operational history Green 13 15 of 15
RD-F-089 red Insurance coverage active No active third-party insurance coverage on Nexus Mutual, Sherlock or Unslashed for Lido's core ETH staking. Nexus Mutual ~$350M total capacity vs Lido ~$23B TVL is a ~1.5% coverage ratio even if all of that capacity were allocated to Lido. Structural industry gap at this TVL tier.
RD-F-077 yellow Prior exploit count 0 protocol-code exploits in 64+ months. 6 NO-level events: 2 slashings (RockLogic Apr 2023 ~$25K, Launchnodes Oct 2023 ~$47K), 1 key compromise (Numic May 2024, $0), 1 connectivity outage (Launchnodes Dec 2024, $8K), 1 oracle key compromise (Chorus One May 2025, $4.2K), 1 CSM slashing (Mar 2026, $100). All fully covered. Conservative yellow given non-zero historical losses.
RD-F-166 yellow Deprecated contracts still holding value Lido on Solana (stSOL): deprecated Oct 2023; frontend closed Feb 2024. A withdrawal split function bug trapped ~$24M stSOL. P2P Validator deployed a CLI fix in April 2024 (partial remediation). Current residual stSOL supply unconfirmed.
RD-F-078 n/a Chronic-exploit flag (≥3 incidents) Chronic flag requires ≥3 distinct protocol-code exploits. Lido has 0. Hacksdatabase grep returned no entries; rekt.news has no Lido listing.
RD-F-087 n/a Pause > 7 consecutive days 0 pause activations of any duration in the core stETH protocol during the trailing 12 months, so the flag cannot fire (see F086).
RD-F-076 green Protocol age (days) Lido on Ethereum first mainnet deploy December 18-19 2020. As of 2026-04-28: 1956 days (~64 months) live. Exceeds 12-month A-grade floor by a large margin.
RD-F-079 green Same-root-cause repeat exploit RockLogic (Apr 2023) and Launchnodes (Oct 2023) slashings have distinct root causes: Prysm client bug vs misconfigured fallback. Different failure modes, different operators, different fixes. Dec 2024 Launchnodes was hardware/network failure, not slashing.
RD-F-080 green Days since last exploit Most recent event: CSM slashing March 12 2026 (47 days ago, $100, bond-covered). Most recent loss on a curated-set node operator's validators: Launchnodes Dec 31 2024 (~483 days ago); the May 2025 Chorus One event was an oracle key compromise, not a validator loss. 0 protocol-code exploits ever.
RD-F-081 green Post-exploit response score Response quality 4-5/5 across all incidents. Same-day to next-day post-mortems with full named root causes. All incidents: $0 user fund loss, full operator compensation.
RD-F-082 green Post-mortem published within 30 days All incidents post-mortem within 30 days except Chorus One oracle (107 days outlier; investigation thoroughness documented). RockLogic +1d, Launchnodes Oct 2023 +2d, Numic +7d, Launchnodes Dec 2024 +9d, CSM same-day.
RD-F-083 green Auditor re-engaged after last exploit No protocol-code exploit requiring re-audit. NO-level incidents triggered ISO 27001 firm engagement (Numic). Continuous audit cadence: V2 May 2023 multi-firm, V3 Sigma Prime 2024-2025, dedicated audit competitions for Dual Governance and stVaults.
RD-F-084 green TVL stability (CoV over 90d) TVL ~$23.07B Apr 2026 (Nov 2025 peak ~$38.86B). ~40% decline tracks ETH price decline, not protocol incident. No 90-day TVL anomaly.
RD-F-085 green Incident response time (minutes) Launchnodes Oct 2023: 7 minutes detection-to-shutdown. Numic May 2024: same-day DAO notification. Chorus One May 2025: emergency vote within 24h. CSM March 2026: same-day governance post.
RD-F-086 green Pause activations (trailing 12 months) 0 emergency pause of core Lido stETH staking protocol in trailing 12 months. Chorus One key rotation was governance vote, not pause. CSM bond covered slashing per design.
RD-F-088 green Re-deployed to new addresses in last year V3 stVaults (Jan–Mar 2026) deployed as additive infrastructure. Core stETH, WithdrawalQueue and NodeOperatorsRegistry addresses are stable on Ethereum. The Polygon shutdown was a cross-chain wind-down, not an Ethereum migration.
Real-time signals Green 2 22 of 22
RD-F-099 yellow Oracle price deviation >X% from secondary Lido's AccountingOracle is a committee oracle, not Chainlink. The analogous deviation check is the stETH/ETH exchange rate vs the Curve pool spot price, currently within ~0.2% of peg. Structural yellow: Curve stETH/ETH liquidity declined from ~$800M to ~$274M post-Shapella, raising peg sensitivity. The May 2025 Chorus One oracle key compromise showed the oracle is a targeted attack surface (the 5-of-9 quorum held). The signal requires a custom implementation comparing the committee oracle rate with Curve spot.
RD-F-090 n/a Mixer withdrawal → protocol interaction No confirmed Tornado Cash → Lido protocol interaction in the trailing 30 days from public OSINT. The May 2025 Chorus One oracle attacker wallet is the highest-priority unresolved check; public labels show no mixer attribution. A Chainalysis/TRM licensed feed is required for a definitive check on the attacker wallet.
RD-F-092 gray Unusual mempool pattern from deployer wallet Primary deployer 0x55bc991b2edf3ddb4c520b222be4f378418ff0fa dates from December 2020 and is effectively dormant for routine operations. Contract deployments at V3 scale route through DAO governance and timelocked execution via AdminExecutor. The deployer EOA is not the active admin path post-V2. Structurally N/A for a mature DAO governance model.
RD-F-096 gray New ERC-20 approval to unverified contract from whale User-level signal. stETH approvals to unverified contracts are a user risk, not a protocol-level signal detectable at the Lido protocol page level. Lido is not a lending protocol with user-facing approval hooks in its core contracts.
RD-F-104 gray Stablecoin depeg >2% on shared-LP venue Lido's core protocol holds no stablecoin collateral; stETH is an LST, not a stablecoin. The stablecoin depeg signal requires a stablecoin in the protocol dependency graph with ≥5% TVL exposure. The Lido EarnETH vault (a separate product) had rsETH exposure, but rsETH is an LST, not a stablecoin. Not applicable under the strict signal definition for the core stETH protocol.
RD-F-105 gray DNS/CDN/frontend hash drift lido.fi and stake.lido.fi are high-value targets for frontend compromise (Curve-class attack). No confirmed DNS/frontend drift event in 2024-2026 from public OSINT. No public IPFS content hash baseline for lido.fi. An external monitoring stack is required for a live signal; cannot confirm or deny from static OSINT.
RD-F-107 gray Admin EOA signing from new geography/device Not applicable. Lido's admin actions route through multisig contracts (GateSeal 3-of-6, various committees) and timelock-protected execution. No single EOA admin path exists post-Dual Governance activation. The off-chain signing telemetry signal requires an individual EOA admin path.
RD-F-108 gray GitHub force-push to sensitive branch lidofinance/core GitHub repo is active (last commit 2026-04-28). No public reports of unauthorized force-push or sensitive-branch push. Live GitHub API monitoring is required for the signal; cannot confirm or deny from static OSINT.
RD-F-109 gray Social-media impersonation scam spike No confirmed scam-spike event above background level. Background social impersonation (fake Lido X accounts, Discord scam bots) is a persistent elevated condition for top-20 DeFi brands. A social-media monitoring vendor is required for spike-above-baseline detection.
RD-F-091 green Partial-drain test transactions No small-value drain pattern preceding a larger drain detected on stETH, Withdrawal Queue, or Staking Router contracts. No Rekt incidents. No pre-strike test-tx patterns identified in public OSINT.
RD-F-093 green Abnormal gas-price willingness from attacker wallet No observed priority-fee ≥5x EMA baseline from threat-actor-labeled wallets on Lido core contracts. No Rekt incidents. Lido's committee oracle is not susceptible to single-block gas-racing manipulation.
RD-F-094 green New contract with similar bytecode to exploit template No public reports of clone bytecode deployments targeting Lido's core contract patterns. Lido is original (not a fork); its contract architecture is unique and not a common exploit-template target class in the hack database.
RD-F-095 green Known-exploit function-selector replay No known exploit-template selector patterns documented for Lido's Aragon proxy + committee oracle architecture. Hack database: no Lido entries. Not a Compound-fork or Uniswap-fork class protocol.
RD-F-097 green Sybil surge of identical-pattern transactions No sybil transaction pattern detected on Lido core contracts. CSM has stake-bonding requirements that gate sybil registration. Core stETH staking has no sybil surface (permissionless). No incidents in hack database.
RD-F-098 green TVL anomaly — % drop in <1h TVL $21.39B as of 2026-04-28. 30d change: +17.29%. 1d change: -0.73%. No anomalous 1h drop event. Kelp DAO April 2026 contagion triggered sector-wide TVL decline — Lido EarnETH vault paused but core stETH pool TVL not drained. Sector-suppression condition applies to April 2026 event.
RD-F-100 green Flash loan >$10M targeting protocol tokens Lido's core stETH contract is not a lending protocol. Committee oracle is not susceptible to single-block flash-loan manipulation. stETH can be flash-loaned from Aave but for attacks on third-party protocols, not Lido's own contracts. No flash loan events targeting Lido core oracle or governance contracts detected.
RD-F-101 green Large governance proposal queued Aragon Voting App active. EmergencyProtectedTimelock min 3-day delay. Dual Governance adds 5-45 day veto window. April 2026 governance activity was benign Lido/Aave recovery proposal. No malicious-pattern proposals (admin role change, delegatecall to non-allowlisted target, flash-loan-feasible proposer weight) detected. Dual Governance substantially raises bar for flash-loan governance attacks.
RD-F-102 green Admin/upgrade transaction in mempool No anomalous admin/upgrade mempool transactions detected. All governance actions route through EmergencyProtectedTimelock (min 3-day delay). Chorus One oracle rotation (May 2025) executed through proper DAO vote path. GateSeal activation (3-of-6 multisig) would appear as admin tx — requires suppression allowlist entry to avoid FP.
RD-F-103 green Bridge signer-set change proposed/executed No unscheduled signer-set change events on Lido's canonical wstETH bridge contracts (Wormhole+Axelar). Non-canonical LayerZero OFT (BNB/Avalanche/Scroll, not under Lido governance) is a monitoring gap — its guardian set changes are not in Lido's governance-monitored contract set.
RD-F-106 green Cross-chain bridge unverified mint pattern Lido's canonical wstETH bridges use Wormhole guardian-signed message verification and Axelar validator consensus. No deposit-without-proof events detected. Non-canonical LZ OFT (not under Lido governance) carries this risk class per Kelp DAO precedent but is outside Lido's direct monitoring perimeter.
RD-F-110 green Unusual pending/executed proposal ratio Aragon Voting App governance appears normally paced as of 2026-04-28. April 2026 emergency Kelp DAO response proposal and May 2025 Chorus One oracle rotation both executed smoothly through standard governance. No backlog of unusually stalled proposals detected.
RD-F-182 green Security-Council threshold reduction (RT) GateSeal Committee threshold: 3-of-6 (confirmed from data-cache Safe API). EmergencyProtectedTimelock minimum delay: 259,200 seconds (3 days, per profile §6). No threshold reduction events or timelock removal events detected as of 2026-04-28. Dual Governance emergency committees (Tiebreaker Core, Reseal Committee) intact. The Drift Protocol reference case (3/5 → 2/5 SC change + timelock removal, 6 days before $285M DPRK exploit) makes this signal highest-priority to wire for Lido. Parameters to monitor: GateSeal Committee threshold change from 3-of-6 to lower; EmergencyProtectedTimelock MIN_EXECUTION_DELAY reduction below 3 days; new signer additions within ≤14 days of either.
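The three parameters the factor above says to monitor (GateSeal threshold dropping below 3-of-6, the EmergencyProtectedTimelock minimum delay dropping below 259,200 seconds, and a new signer added within 14 days of either) can be turned into a small detection rule. The code below is an added illustration, not part of the defirisk.co report or of Lido's own monitoring; the event kinds, signer addresses and timestamps are constructed placeholders, and the baselines are the values quoted in the factor text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Baselines as stated in the factor text: GateSeal Committee 3-of-6,
# EmergencyProtectedTimelock minimum delay 259,200 s (3 days).
BASELINE_THRESHOLD = 3
BASELINE_MIN_DELAY_S = 259_200
CORRELATION_WINDOW = timedelta(days=14)


@dataclass(frozen=True)
class GovEvent:
    """One decoded governance event. Constructed shape for this example;
    a real feed would decode Safe ChangedThreshold/AddedOwner logs and the
    timelock's delay-change event into this form."""
    ts: datetime
    kind: str          # "threshold_changed" | "min_delay_changed" | "owner_added"
    value: int = 0     # new threshold, or new delay in seconds; unused for owner_added
    actor: str = ""    # placeholder address for owner_added


def weakening_events(events):
    """Events that lower the bar relative to the documented baselines."""
    out = []
    for e in events:
        if e.kind == "threshold_changed" and e.value < BASELINE_THRESHOLD:
            out.append(e)
        elif e.kind == "min_delay_changed" and e.value < BASELINE_MIN_DELAY_S:
            out.append(e)
    return out


def evaluate(events):
    """Return (rule_name, event) alerts in chronological order.

    Rules:
      threshold_reduced            - committee threshold set below baseline
      timelock_delay_reduced       - timelock minimum delay set below baseline
      signer_added_near_weakening  - new signer within +/-14 days of either of the above
    """
    events = sorted(events, key=lambda e: e.ts)
    weak = weakening_events(events)
    alerts = []
    for e in events:
        if e in weak:
            rule = ("threshold_reduced" if e.kind == "threshold_changed"
                    else "timelock_delay_reduced")
            alerts.append((rule, e))
        elif e.kind == "owner_added":
            # The Drift comparator: signer churn close in time to a weakening change.
            if any(abs(e.ts - w.ts) <= CORRELATION_WINDOW for w in weak):
                alerts.append(("signer_added_near_weakening", e))
    return alerts


# Constructed sample feed (not real Lido events). The March signer addition is
# benign in isolation; the April sequence is the pattern the factor warns about.
SAMPLE_EVENTS = [
    GovEvent(datetime(2026, 3, 1), "owner_added", actor="0xSIGNER_A_PLACEHOLDER"),
    GovEvent(datetime(2026, 4, 20), "threshold_changed", value=2),
    GovEvent(datetime(2026, 4, 25), "owner_added", actor="0xSIGNER_B_PLACEHOLDER"),
    GovEvent(datetime(2026, 4, 26), "min_delay_changed", value=86_400),
    GovEvent(datetime(2026, 4, 27), "threshold_changed", value=3),  # restored, not a reduction
]


if __name__ == "__main__":
    for rule, ev in evaluate(SAMPLE_EVENTS):
        print(f"{ev.ts:%Y-%m-%d} {rule:28s} kind={ev.kind} value={ev.value} actor={ev.actor}")
```

The rule deliberately compares against fixed baselines rather than against the previous event, so a threshold that is lowered and then restored still leaves an alert on the record; a threshold restored to baseline (the last sample event) is not itself flagged.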
Dev identity & insider risk Green 0 16 of 16
RD-F-119 gray Commit timezone consistent with stated geography Cannot assess at OSINT tier. GitHub commit graphs are JS-rendered (not accessible via WebFetch per process-learnings). Vasiliy Shapovalov is publicly stated to be Russia-based (Rostov, UTC+3). No security researcher has reported timezone anomaly for lidofinance/core. GitHub API commit-hour analysis not performed due to tool limitations. Marked gray per methodology.
RD-F-122 gray Contributor paid to DPRK-cluster wallet Cannot be meaningfully assessed at OSINT tier. Lido Labs has off-chain payroll; on-chain payment streams beyond Safe multisig disbursements are not publicly traceable. Individual signer wallets for committee Safes (BORG 9 signers, etc.) are in data-cache.json but hop-trace to DPRK clusters requires Chainalysis/Arkham access. The Numic incident (malware on developer machine, May 2024) is a node operator event with no DPRK attribution per official disclosure — not an insider payment routing signal. Per process-learnings: mark gray.
RD-F-184 gray Real-capital social-engineering persona No curator-flagged persona building behavior observed. All current contributors have 5+ year public histories inconsistent with the Drift comparator pattern (6-month capital-deposit credibility build-up). Per process-learnings: mark gray and note Drift comparator; absence of public trace is expected by design for this attack pattern. No red signals found. Cannot confirm absence at OSINT tier. M-only factor by definition.
RD-F-111 green Team doxx status Co-founders fully doxxed: Konstantin Lomashuk (real name, LinkedIn, Parity Technologies background, P2P Validator CEO since 2018); Vasiliy Shapovalov (real name, LinkedIn, Master's Applied Mathematics Southern Federal University, Devcon Bogota speaker); Jordan Fish / Cobie (consistent-pseudonym-with-track-record, ran UpOnly podcast, departed active role ~2021). Lido Labs BORG Foundation is a registered Cayman Islands legal entity. GitHub org lists 9 named public members. Classification: real-name-doxxed for founders.
RD-F-112 green Team public accountability surface Lomashuk: P2P.org founder & CEO (operating company with institutional clients), Cyber.Fund / Satoshi Fund co-founder, Lido co-founder, conference presence, early backer of Ethereum and Solana. Shapovalov: decade-long LinkedIn career record, Devcon Bogota 2022 speaker, academic credentials. Cobie: podcast host, published writing, widely cited in crypto media. GitHub org members include 9 publicly named developers with multi-year histories. Score 4/5 per F121 rubric. (Prior 'Parity Technologies' employer claim for Lomashuk was removed 2026-05-06 -- not corroborated by the cited p2p.org founder-leadership bio nor any other verifiable primary source.)
RD-F-113 green Team other-protocol involvement history No team member linked to prior rug or exit scam. Lomashuk: P2P Validator (clean 2018-present), Cyber.Fund, Satoshi Fund. Shapovalov: CTO P2P Validator. banteg (Deployer 1 ENS holder): core Yearn Finance developer, no prior rug history. Web search for 'Lido rug exit scam team founders' returned zero relevant results. Rekt leaderboard: 0 entries (data-cache.json).
RD-F-114 green Deployer address prior on-chain history Deployer 1 (0x55bc991b2edf3ddb4c520b222be4f378418ff0fa): ENS 'lido.banteg.eth' — linked to 'banteg' (Yearn Finance core developer and early Lido angel investor). 229 transactions show normal dev activity: Aragon voting, DEX swaps, ENS registrations. No linked-to-prior-rug. Deployer 2 (0x59d07dc34b135b17b87840a86bff7302039e7edf): standard deploy history, no prior rug linkage.
RD-F-115 green Prior rug/exit-scam affiliation No team member linked to prior rug, exit scam, or fraudulent protocol. Exhaustive OSINT search returned no relevant results for 'Lido Finance rug exit scam team founders.' Rekt leaderboard shows 0 entries for Lido. 5+ year operating history with no such allegations in public domain.
RD-F-116 green Contributor tenure at admin-permissioned PR lidofinance/core GitHub last commit: 2026-04-28 (data-cache.json). Repository active since December 2020 (5+ years). Public GitHub org members show multi-year contribution histories. No evidence of a short-tenure contributor with admin-level access making protocol changes. Protocol maturity makes new-contributor admin access structurally unlikely given DAO-mediated upgrade pathway.
RD-F-117 green ENS/NameStone identity bound to deployer Deployer 1 (0x55bc991b2edf3ddb4c520b222be4f378418ff0fa) has ENS 'lido.banteg.eth' — directly bound to 'banteg,' a well-known Ethereum developer (Yearn Finance core contributor, Lido withdrawal key ceremony participant, early angel investor). This is a strong, publicly verifiable identity binding. Deployer 2 has no ENS name.
RD-F-118 green Handle reuse across failed/rugged projects No social handle associated with Lido team members found to have been previously associated with a rugged/failed project under a different alias. Cobie (CryptoCobain) has a consistent multi-year crypto identity. banteg has consistent Yearn Finance identity since 2017+. No handle recycling evidence found in OSINT.
RD-F-120 green Video-off/voice-consistency flag Vasiliy Shapovalov appeared on video at Devcon Bogota 2022 presenting on Future of Liquid Staking. Konstantin Lomashuk has public company appearances at P2P Validator. Jordan Fish (Cobie) runs video podcast and has numerous public video appearances. No video-off concerns or voice-inconsistency issues documented in any media or community source.
RD-F-121 green Contributor OSINT depth score Score 4/5. Lomashuk: employer history (Parity Technologies), company leadership (P2P Validator CEO), investment portfolio (Cyber.Fund, Satoshi Fund, early ETH/SOL backer), conference presence. Shapovalov: academic credentials (Master's Applied Mathematics), decade-long career record, LinkedIn with full history, Devcon speaking. Cobie: one of the most public figures in crypto, runs a major podcast. Core dev team has named individuals with multi-year GitHub histories.
RD-F-123 green Sudden admin-rescue/ACL change without discussion All protocol-level admin and ACL changes route through Aragon DAO vote (5-day window, 5% quorum, mandatory research.lido.fi forum discussion) or post-July 2025 via EmergencyProtectedTimelock (minimum 3-day delay). Emergency GateSeal activations require 3-of-6 committee threshold and were established via documented governance forum proposal. No evidence of unilateral ACL change without governance discussion in last 180 days. GateSeal is one-time/expiring by design — cannot accumulate undocumented admin power.
RD-F-124 green Deployer wallet mixer-funded within 30 days Deployer 1 (0x55bc991b2edf3ddb4c520b222be4f378418ff0fa): Etherscan 'Funded By' label = Binance 2 (0xd551234ae421e3bcba99a0da6d736074f22192ff). Funding dated ~November 2020 (within 30 days of December 18, 2020 stETH genesis deploy). CEX-origin confirmed — Binance performs KYC/OFAC screening. No Tornado Cash or mixer interactions visible in 229-tx history. Deployer 2: no mixer interactions visible. 30-day window PASS.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No OSINT evidence linking Deployer 1 or Deployer 2 to DPRK/Lazarus cluster. Deployer 1's 1-hop neighbor is Binance 2 (OFAC-compliant major CEX). OFAC SDN list: no Lido team member or deployer address match. Web search 'Lido Finance DPRK Lazarus North Korea' returns zero Lido-specific results. Numic incident (May 2024) was third-party node operator malware — no DPRK attribution per official disclosure. Confidence: medium (OSINT-tier only; no Chainalysis hop-trace).
Fork / dependency lineage Green 11 10 of 10
RD-F-133 yellow Dependency manifest uses unpinned versions forge-std submodule in .gitmodules lacks pinned commit SHA (test tooling dependency, low production risk). OZ production libraries pinned exactly in package.json: @openzeppelin/contracts@3.4.0, @openzeppelin/contracts-v4.4@4.4.1, @openzeppelin/contracts-v5.2@5.2.0. Security-critical production libs are pinned; test tooling is not.
RD-F-126 n/a Is-a-fork-of Lido is an original protocol with no upstream fork. lidofinance/core README and profile §5 confirm no fork relationship.
RD-F-127 n/a Upstream patch not merged N/A — no upstream fork.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) N/A — no upstream fork.
RD-F-129 n/a Code divergence from upstream (%) N/A — no upstream fork.
RD-F-130 n/a Fork depth (generations from original audit) N/A — original protocol, fork depth = 0.
RD-F-131 n/a Fork retains upstream audit coverage N/A — no upstream fork.
RD-F-132 n/a Fork has different economic parameters than upstream N/A — no upstream fork.
RD-F-134 green Dependency had malicious-release incident (last 90d) No malicious-release incident affecting @openzeppelin/contracts (3.4.0, 4.4.1, 5.2.0) or forge-std in the past 90 days found in any public security advisory or GitHub advisory database.
RD-F-135 green Shared-library version with known-vuln status OZ 3.4.0: UUPS vulnerability (GHSA-5vp3-v4hc-gx76) affects 4.1.0-4.3.2 only — not 3.4.0. TimelockController CVE-2021-39168 affects 3.x but Lido does NOT use OZ TimelockController (uses Aragon ACL + custom EmergencyProtectedTimelock). OZ 5.2.0: no current critical advisories. Net: no currently-applicable critical CVE for Lido's actual usage pattern.
Post-deploy hygiene & change mgmt Green 13 13 of 13
RD-F-137 yellow Upgrade frequency (per 90 days) ~4 major upgrades in trailing 9 months (V3 stVaults Jan 2026, CSM v2 Oct 2025, Triggerable Withdrawals Jul 2025, Dual Governance Jul 2025). Active upgrade cadence for V3 launch cycle. All went through DAO vote + timelock.
RD-F-142 yellow Storage-layout collision risk across upgrades Lido uses Aragon AppProxyUpgradeable pattern, pre-dating OZ upgrades plugin. No OZ upgrades plugin collision confirmation found. However, Certora formal verification (V3) would likely detect storage collisions. Aragon's fixed storage layout reduces risk for the proxy layer.
RD-F-143 yellow Reinitializable implementation (no _disableInitializers) stETH implementation uses initialize() without _disableInitializers() in constructor. Aragon kernel's ACL provides partial mitigation (initialize() is access-controlled). The canonical OZ protection guard is absent. Risk is partially mitigated by Aragon permission model but not eliminated by standard OZ mechanism.
RD-F-146 yellow New contract deploys in last 30 days V3 stVaults launched January 30, 2026. Certora fix review deployed March 2026. Multiple new contracts deployed in trailing 90 days as part of V3 launch. Active deployment cadence.
RD-F-185 yellow Bridge rate-limiter / chain-pause as positive mitigant GateSeal mechanism provides a protocol-level pause (not a per-window rate-limiter). No explicit per-window outflow rate-limiter confirmed on canonical wstETH bridge contracts (Wormhole+Axelar on L2s). Partial credit for GateSeal pause as a positive mitigant for core protocol operations.
RD-F-136 green Deployed bytecode matches signed release tag V3.0.2 (April 23, 2026) is current release. deployed-mainnet.json in repo maps addresses. Certora and MixBytes fix reviews (03-2026) confirmed deployed code matches audited code.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) No evidence of timelock-bypassing hot-patches. ZKsync bridge vulnerability (March 2026) followed: pause → audit → DAO vote for fix deployment. No untimelocked deployments identified.
RD-F-139 green Post-audit code changes without re-audit V3 audited by Certora, MixBytes, Consensys Diligence (12-2025) with fix reviews (01-2026, 03-2026). CSM v2 audited (09-2025). DG hotfix reviewed (Certora 08-2025). ZKsync bridge fix audited before re-deployment. No unreviewed post-audit code changes found.
RD-F-140 green Fix-merged-but-not-deployed gap No fix-merged-but-not-deployed gap identified. ZKsync bridge fix workflow was: pause → fix prepared → audit → governance vote → deploy. Certora fix reviews confirm fixes deployed.
RD-F-141 green Test-mode parameters in deploy No test-mode parameters in production. EmergencyProtectedTimelock uses production delay values (259200s, 86400s). Admin is full DAO governance, not deployer EOA.
RD-F-144 green CREATE2 factory permits same-address redeploy Lido uses Aragon AppProxyUpgradeable + OssifiableProxy patterns, not CREATE2 with redeployability. No evidence of same-address CREATE2 redeploy capability.
RD-F-145 green Deployed bytecode reproducibility Hardhat + Foundry build tools present. viaIR enabled introduces some non-determinism risk but 6+ independent auditors have verified code — reproducibility is implicit requirement of audit attestation.
RD-F-168 green Stale-approval exposure on deprecated router No stale user approvals on deprecated router contracts identified. Lido does not have a deprecated router contract with outstanding approvals at material scale.
Cross-chain & bridge Green 11 12 of 12
RD-F-151 yellow Bridge ecrecover checks result ≠ address(0) [★ CRITICAL] Lido's bridge contracts do NOT call ecrecover directly. WormholeTransceiver delegates VAA verification to wormhole.parseAndVerifyVM(). Native L2 bridges use CrossDomainMessenger (no ecrecover). Lido doesn't independently check ecrecover != address(0) — trusts Wormhole's return.
RD-F-155 yellow Bridge validator-set rotation recency Wormhole Guardian set is publicly maintained. Axelar PoS validators rotate continuously. No specific rotation event enumerated. Assessed as actively maintained.
RD-F-157 yellow Bridge TVL per validator ratio Wormhole+Axelar bridge to BNB/Avalanche TVL not separately enumerated. Overall Lido TVL $21.4B but bridge TVL subset is a small fraction (recent launch Aug 2024). Ratio not computable with available data.
RD-F-179 yellow LayerZero OFT DVN config (count, threshold, diversity) LayerZero wstETH OFT (ETH: 0x742650E0441Be8503682965d601AD0Ba1fB54411) is NOT under Lido DAO governance — DAO voted 81% for Wormhole+Axelar, 5% for LayerZero (Jan 2024). OFT remains operational under LayerZero Labs control. DVN config unverifiable due to non-governance status. Ongoing operation under Lido branding without DAO control is the primary risk.
RD-F-147 green Protocol has bridge surface Lido has active bridge surface: canonical Wormhole+Axelar NTT bridge to BNB/Avalanche (DAO-approved Jan 2024), native L2 bridges to Optimism/Arbitrum/Base/zkSync/Polygon, and unauthorized LayerZero OFT on BNB/Avalanche/Scroll (not DAO-controlled).
RD-F-148 green Bridge validator count (M) Wormhole canonical bridge: 19 Guardians (13-of-19 quorum). Axelar: PoS validator set (>100 validators). Native L2 bridges delegate to each chain's own infrastructure. 2-of-2 threshold means both Wormhole and Axelar must be simultaneously compromised for exploit.
RD-F-149 green Bridge validator threshold (k-of-M) Wormhole: 13-of-19 Guardian super-majority (>67%). Joint 2-of-2 threshold (both Wormhole AND Axelar must attest). Threshold design is strong — simultaneous compromise of both required for exploit.
RD-F-150 green Bridge validator co-hosting Wormhole's 19 Guardians operated by separate named organizations. Axelar PoS validators are geographically distributed. No evidence of majority co-hosting.
RD-F-152 green Bridge binds message to srcChainId Wormhole VAAs include srcChainId. CrossDomainMessenger enforces per-chain isolation via onlyFromCrossDomainAccount. Chain binding enforced at infrastructure level.
RD-F-153 green Bridge tracks nonce-consumed mapping Wormhole NTT uses consumed-VAA hash tracking (_consumedVAAs mapping). isVAAConsumed(vm.hash) check before processing; TransferAlreadyCompleted on replay. NTT EndpointManager provides additional replay protection. Native L2 bridges delegate to chain-level CrossDomainMessenger replay protection.
RD-F-154 green Default bytes32(0) acceptable as valid root [★ CRITICAL] Not applicable to Lido's bridge architecture. Wormhole uses consumed-VAA hash tracking (not Merkle roots). Native L2 bridges use CrossDomainMessenger state-root proofs managed by L2 chain. Nomad-class bytes32(0) root vulnerability requires a Merkle inbox pattern not present in Lido's bridges.
RD-F-156 green Bridge uses same key custody for >30% validators Wormhole 19 Guardians: publicly named diverse organizations. Axelar: diverse PoS validator set. No single custodian >30%.
Threat intelligence & recon Green 17 8 of 8
RD-F-161 yellow Protocol-impersonator domain registered (typosquat) Lido is a top-20 DeFi brand by TVL ($21.4B) and recognition — persistent elevated typosquat domain registration risk. No confirmed typosquat domain registration within 90 days found via web search OSINT. WHOIS monitoring not accessible via web search; requires DomainTools API or similar. Elevated structural concern, specific 90-day registration not confirmed or denied.
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols For oracle-compromise class (Chorus One May 2025, Numic May 2024): attack timeline is weeks-to-months of off-chain social engineering or credential-gathering, not observable on-chain until the attack occurs. The USPD 78-day on-chain reconnaissance pattern is more applicable to bridge/lending protocols. For governance-attack class, Lido's Dual Governance 5-45 day veto window substantially extends the detection window. Yellow: reconnaissance window exists but is off-chain in nature, making it harder to detect via on-chain signals.
RD-F-158 n/a Known-threat-actor cluster has touched protocol No confirmed DPRK/Lazarus cluster touch of Lido core contracts from public OSINT. Kelp DAO exploit (April 2026, UNC4736/Lazarus) had downstream Lido EarnETH vault effect but attacker wallets did not interact with Lido core contracts. Requires Chainalysis/TRM licensed feed for definitive check.
RD-F-159 n/a Attacker wallet pre-strike probe (low-gas failing txs) No failing/low-gas tx pattern from labeled threat-actor wallets on Lido core contracts detected in public OSINT. Requires mempool monitoring + cluster feed for live detection.
RD-F-164 n/a Leaked credential on paste/sentry site Chorus One oracle hot wallet compromise (May 2025) attributed to probable private key leak from a previously-used hot wallet — demonstrates credential-leak pathway exists for oracle operators. Cannot assess paste/credential dump sites from public web search; requires Leaked Credentials / Intelx / specialized feed. Marked NOT ASSESSED.
RD-F-165 n/a Protocol social channel has scam-coordinator flag No specific Discord/Telegram channel admin flagged on curator scam-coordinator watchlist from public OSINT. Background level of impersonation/scam activity elevated for top-20 DeFi protocols. Cannot assess without curator social watchlist.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps No active GHSA/GitHub Security Advisory flagging a malicious release in Lido core dependencies (OZ v3.4.0, hardhat, foundry ecosystem) as of 2026-04-28. OZ v3.4.0 is a 2021 vintage library — vulnerability risk is static (known CVEs to check in Cat 1/Cat 8), not supply-chain malicious-release.
RD-F-162 green Known-exploit-template selector deployed by any address No exploit-template deployments targeting Lido's contract class found in hack database or public OSINT. Lido is original (not a fork); no common exploit-template class for Aragon proxy + committee oracle architecture. Hack DB: rekt.incidents empty for Lido.
Tooling / compiler / AI Green 13 5 of 5
RD-F-170 yellow Solc version used (known-bug versions flagged) Three compiler versions: (1) 0.4.24 — ExpExponentCleanup bug (medium/high, fixed 0.4.25) applies; limited practical risk given usage pattern (SafeMath, no dynamic non-literal small-type exponents identified). (2) 0.8.9 — no current known high-severity bugs per Etherscan bug list. (3) 0.8.25 — not affected by TransientStorageClearingHelperCollision (affects 0.8.28-0.8.33). Legacy 0.4.24 creates yellow signal; new code is clean.
RD-F-174 yellow Dependency tree uses EOL Solidity version Solidity 0.4.24 is EOL. Legacy stETH core (AppProxyUpgradeable impl) uses this version by design — intentionally frozen Aragon-era contract. V2/V3 new code on 0.8.9/0.8.25 (actively supported range). openzeppelin-solidity@2.0.0 is legacy tied to Aragon era. Known technical debt, not an oversight.
RD-F-171 green Bytecode similarity to audited upstream with behavior deviation Lido is an original protocol with no upstream to compare against for bytecode similarity. V3 stVaults are novel architecture. No AI-copy-risk pattern applicable.
RD-F-172 green Repo shows AI-tool co-authorship in critical files Review of recent lidofinance/core commit history (fetched 2026-04-28): no commit messages mentioning AI tool co-authorship (Copilot, ChatGPT, etc.). Recent commits include dependency updates, circuit breaker fixes, and feature PRs. Absence of positive signal; undisclosed usage cannot be ruled out.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public blog post, forum post, or documentation from Lido team disclosing AI-generated Solidity in security-critical paths found. Lido scorecard and dev process documentation emphasize formal verification, multi-firm auditing, and fuzzing.
Response & disclosure hygiene Green 17 4 of 4
RD-F-176 yellow Disclosure SLA public No explicit acknowledgment-time SLA published. In practice: same-day response for Chorus One emergency. Documentation gap.
RD-F-178 yellow CVE/GHSA advisory issued against protocol No CVE (NVD) or GHSA filings found. Lido discloses via Immunefi, blog post-mortems, and governance forum bulletins. Standard DeFi industry gap.
RD-F-175 green Disclosure channel exists Primary: Immunefi $2M max bounty live since May 2021, 29 in-scope assets. Secondary: SEAL Safe Harbor agreement with safeharbor@lido.fi contact. $350K+ paid across 10 historical bounties. March 2026 batched bulletin demonstrates active channel use.
RD-F-177 green Prior known-ignored disclosure 0 known-ignored disclosures. Numic was proactive disclosure. March 2026 batched bulletin: 3 weaknesses reported via Immunefi, all patched promptly without exploitation.
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol lido