{"id":938,"date":"2024-10-17T16:56:28","date_gmt":"2024-10-17T14:56:28","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=938"},"modified":"2025-02-03T11:42:05","modified_gmt":"2025-02-03T09:42:05","slug":"lido-csm-audit-summary","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/lido-csm-audit-summary\/","title":{"rendered":"Lido CSM Audit Summary"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Lido Community Staking Module (CSM) is a permissionless module allowing community stakers to operate Ethereum validators with lower entry costs. Stakers provide stETH bonds, serving as security collateral, and receive rewards in the form of bond rebase and staking rewards (including execution layer rewards), which are socialized across Lido&#8217;s staking modules. Lido Staking Router (SR) V2 is a component that utilizes a modular design with support for staking modules like CSM.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ackee Blockchain Security assigned two specialized teams to audit the Lido CSM update, with one focusing on the Community Staking Module (CSM) and the other on the Staking Router (SR). The Lido CSM update itself is divided into two parts: new contracts for the CSM codebase in a separate repository and changes to existing core contracts, such as the SR. 
To ensure a thorough and efficient review, the respective teams audited these two parts in parallel, each addressing the security aspects of both CSM and SR.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Across both reports, Ackee Blockchain Security discovered 46 issues, which resulted in 32 fixes by Lido Finance.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Lido Finance engaged Ackee Blockchain Security to perform a security review of the Lido Finance Community Staking Module for a total of 74 engineering days in a period between July 16 and September 6, 2024.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Lido Finance also engaged Ackee Blockchain Security to perform a security review of the Lido Finance Staking Router for a total of 26 engineering days in a period between July 22 and August 23, 2024.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Both engagements included fuzzing with the <\/span><a href=\"https:\/\/getwake.io\/\"><span style=\"font-weight: 400;\">Wake Framework<\/span><\/a><span style=\"font-weight: 400;\">. The audit resulted in 7831 lines of fuzz tests, 58 execution flows, and 36 stateful invariants. All tests have been published to the <\/span><a href=\"https:\/\/github.com\/Ackee-Blockchain\/awesome-wake-tests\"><span style=\"font-weight: 400;\">awesome-wake-tests<\/span><\/a><span style=\"font-weight: 400;\"> repo. The audits of CSM and SR covered 5256 and 3434 lines of code, respectively.<br \/>\n<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">METHODOLOGY<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The CSM methodology includes the review, implementation and execution of <a href=\"https:\/\/ackee.xyz\/blog\/introducing-manually-guided-fuzzing-a-new-approach-in-smart-contract-testing\/\" target=\"_blank\" rel=\"noopener\">manually-guided differential stateful fuzz tests<\/a> in the Wake testing framework to verify the correctness of the system. 
Ackee performed a thorough manual review of the code, focusing on the following aspects:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">bond supplied by node operators is correctly accounted and cannot be stolen by any account,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the system contains no underflow\/overflow issues that could lead to invalid state updates,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">permissionless functions cannot be abused to bring node operators into unintended states and prevent them from performing actions on the contracts,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">node operators are unable to deposit invalid keys and break the system functionality,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CSM cannot cause denial of service to other staking modules and to the logic responsible for depositing keys,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">node operators are able to withdraw their rewards and unbonded funds without any issues,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">it is not possible to forge proofs of validator slashing or withdrawal that are not true but accepted by the smart contracts,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the system cannot suffer from denial of service attacks by node operators spamming transactions,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">access controls are properly enforced in all critical functions without being overly restrictive or loose,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span 
style=\"font-weight: 400;\">node operators are unable to gain more rewards than stated in the rewards distribution report,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">a rewards distribution report cannot be accepted if there are not enough votes to reach the configured quorum,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">node operators cannot bring validators into unexpected states, breaking the module\u2019s logic.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The manual review was performed in parallel and in sync with the <\/span><span style=\"font-weight: 400;\">Staking Router<\/span><span style=\"font-weight: 400;\"> audit performed by Ackee Blockchain Security. All issues of possibly medium severity or higher were immediately reported to the Lido team. These issues include the report date in their descriptions in this document. The review was concluded using static analysis tools, including <\/span><a href=\"https:\/\/getwake.io\/\"><span style=\"font-weight: 400;\">Wake<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The SR methodology includes the creation of a Python model of the Lido protocol with the new Curated Staking Module (NodeOperatorsRegistry) and Community Staking Module (CSM) as modules. All the in-scope contracts were deployed, including the CSM codebase; the remaining protocol architecture was forked from the mainnet. On the Python model, Ackee has built a manually guided fuzzing campaign, with flows implemented for each function in the contracts. 
Finally, we\u2019ve defined several stateful invariants, the most notable of which are:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the Python state is the same as in the contracts (differential testing approach),<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">invariants on key counts (e.g. deposited keys count is always less than or equal to the vetted keys count),<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">correct incrementation of nonces, and more stateless checks, such as correct event emission.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">During the Staking Router review, Ackee paid special attention to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">exploring the potential attack surface of the core contracts opened up by introducing permissionless staking modules,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the new unvetting and pausing mechanism in DepositSecurityModule,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">possible guardian misbehavior, including signature replays and correct nonce usage,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">multi-transactional third-phase reports from the accounting oracle,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">permissionless reward distribution in NodeOperatorsRegistry,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring overall access controls are not too relaxed or too strict,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">and looking for common issues such as data 
validation.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">SCOPE<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The CSM audit report has been performed on the commits <code class=\"codehl\">8ce944<\/code> and <code class=\"codehl\">13f78f<\/code> in the community-staking-module and easy-track repositories, respectively.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">all files in src directory, excluding src\/interfaces, in the community-staking-module repository,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/EVMScriptFactories\/CSMSettleELStealingPenalty.sol in the easy-track repository.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The SR audit report further specifies the scope on the commit <code class=\"codehl\">fafa23<\/code> and includes the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/0.4.24\/nos\/NodeOperatorsRegistry.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/0.8.9\/DepositSecurityModule.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/0.8.9\/StakingRouter.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/common\/lib\/MinFirstAllocationStrategy.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/0.8.9\/oracle\/AccountingOracle.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/0.8.9\/sanity_checks\/OracleReportSanityChecker.sol<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">FINDINGS<\/span><\/h2>\n<p>The classification of a security finding is determined by two sub-ratings: Impact and Likelihood. 
This two-dimensional rating makes the severity of issues more noise-free, without losing any information. The likelihood factor usually decreases the severity of medium issues that would be just acknowledged by the team to infos and warnings.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-944\" src=\"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x.png\" alt=\"\" width=\"2098\" height=\"854\" srcset=\"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x.png 2098w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-300x122.png 300w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-1024x417.png 1024w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-768x313.png 768w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-1536x625.png 1536w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-2048x834.png 2048w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-370x151.png 370w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/CleanShot-2024-10-22-at-14.04.26@2x-760x309.png 760w\" sizes=\"auto, (max-width: 2098px) 100vw, 2098px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">The Lido CSM+SR findings total 46 issues, of which 32 were fixed by Lido Finance.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\">Critical<\/span><\/td>\n<td><span style=\"font-weight: 400;\">High<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Medium<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Low<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Info<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Warning<\/span><\/td>\n<td><span style=\"font-weight: 
400;\">Total<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">11<\/span><\/td>\n<td><span style=\"font-weight: 400;\">18<\/span><\/td>\n<td><span style=\"font-weight: 400;\">16<\/span><\/td>\n<td><span style=\"font-weight: 400;\">46<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><span style=\"font-weight: 400;\">CONCLUSION<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our review resulted in 46 findings, ranging from Info to Medium severity; of these, 32 were fixed by Lido Finance. The most severe one, M1, results in valid keys covered by bond not being deposited, incorrectly preventing node operators from creating new validators under certain circumstances.<\/span><\/p>\n<p><b>Ackee Blockchain Security recommends Lido Finance:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensure the off-chain services are working as expected to achieve the security guarantees of the system,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">be cautious when using unsafe functions and functions that do not properly update all internal state, such as CSAccounting.updateBondCurve or CSAccounting.setBondCurve,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">avoid using unchecked blocks that heavily rely on the correctness of external contracts, where breaking the assumptions may lead to critical vulnerabilities,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensure the contracts are deployed and initialized atomically so no front-running of initialization functions is possible,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">address all the 
reported issues.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain Security\u2019s full Lido Finance CSM audit report can be found <a href=\"https:\/\/github.com\/Ackee-Blockchain\/public-audit-reports\/blob\/master\/2024\/ackee-blockchain-lido-community-staking-module-report.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>. The Lido Finance SR report can be found <a href=\"https:\/\/github.com\/Ackee-Blockchain\/public-audit-reports\/blob\/master\/2024\/ackee-blockchain-lido-staking-router-v2-report.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/b><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">We were delighted to audit Lido Finance and look forward to working with them again.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lido Community Staking Module (CSM) is a permissionless module allowing community stakers to operate Ethereum validators with lower entry costs. Stakers provide stETH bonds, serving as security collateral, and receive rewards in the form of bond rebase and staking rewards (including execution layer rewards), which are socialized across Lido&#8217;s staking modules. 
Lido Staking Router (SR) V2 is a component that utilizes a&hellip;<\/p>\n","protected":false},"author":14,"featured_media":939,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,10,103],"tags":[89,32,137,50,104],"class_list":["post-938","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-audits","category-ethereum","category-wake","tag-audit-summary","tag-defi","tag-lido","tag-staking","tag-wake"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/Manual-Guided-Fuzzing-Ackee-1-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/Manual-Guided-Fuzzing-Ackee-1-600x600.png","author_info":{"display_name":"Michal P\u0159evr\u00e1til","author_link":"https:\/\/ackee.xyz\/blog\/author\/michal-prevratil\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=938"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/938\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/939"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templ
ated":true}]}}