A critical bug in Ethereum 2.0 staking pools has been safely fixed. The vulnerability put staked Ethereum tokens at risk. A security vulnerability affecting funds in ETH 2.0 stake pools has been safely fixed without causing any major problems. cryptocoin.com We are now in the details.
Error in Ethereum (ETH)
The bug was spotted by StakeWise founder Dmitri Tsumak, who collaborated with rival staking protocols to protect users’ funds. Although open patched, the affected protocols are still working for a more permanent fix. Dmitri Tsumak, founder of ETH 2.0 staking platform StakeWise, discovered a serious vulnerability affecting ETH staking rivals Rocket Pool and Lido. Rocket Pool and Lido will each pay Tsumak a $100,000 bug bounty for fixing the problem.
Late on Monday evening, StakeWise founder Dmitri Tsumak discovered a vulnerability that would allow node operators to withdraw funds from ETH 2.0 liquid stake pools. Tsumak initially identified the vulnerability in the architecture of Rocket Pool, the soon-to-be-released ETH staking protocol. Under further investigation, it was found that the bug also affected Lido, the largest existing ETH 2.0 stake pool on Ethereum, with a total of $4.66 billion locked in that pool.
While the node operators chosen by Rocket Pool and Lido are reliable, the bug highlights a critical vulnerability in the smart contract architecture that governs the protocols. While the bug was live, around 100 ETH user funds were at risk. After Tsumak reported the error using a pseudonym, the Rocket Pool team quickly informed Lido that the funds in its protocol were also at risk. The next morning, both protocols took measures to ensure the safety of their users’ funds. The bug was detected just 24 hours before Rocket Pool went live on the Ethereum mainnet; The launch has now been delayed.
The error was shared with the public.
Rocket Pool and Lido have applied temporary patches to secure users’ funds, but the issue is not yet fully resolved. Both protocols have outlined a plan of action and are currently working towards a more permanent solution to the vulnerability. After the incident was resolved, the parties involved took to social media to inform their communities about what happened. Despite being the founder of Rocket Pool rival StakeWise, he thanked Tsumak for reporting the bug. On Twitter, StakeWise explained why it decided to make information about the vulnerability public after the patch was made, saying:
At StakeWise, we believe the more secure we are collectively, the stronger the entire #ETH2 staking ecosystem, even when dealing with our competitors. To achieve this, we must communicate and have each other’s backs.
Both Rocket Pool and Lido agreed to pay Tsumak $100,000 to fix the problem, the maximum amount specified in Lido’s bug bounty program. While vulnerabilities in DeFi protocols are not uncommon, they are often identified before hackers exploit them. In August, Paradigm.xyz’s Samzcsun identified a $350 million vulnerability in SushiSwap’s MISO smart contracts. The vulnerability was detected and fixed before the hackers received any funding. The Sushi team paid Samzcsun a reward of 1 million USDC to help detect and fix the bug.
Contact us to be instantly informed about the last minute developments. twitter‘in, Facebookin and InstagramFollow and Telegram and YouTube join our channel!
Disclaimer: The articles and articles on Kriptokoin.com do not constitute investment advice. Cryptokoin.com does not recommend buying or selling any cryptocurrencies or digital assets, nor is Kriptokoin.com an investment advisor. For this reason, Kriptokoin.com and the authors of the articles on the site cannot be held responsible for your investment decisions. Readers should do their own research before taking any action regarding the company, assets or services in this article.
Warning: Citing the news content of Kriptokoin.com and quoting by giving a link is subject to the permission of Kriptokoin.com. No content on the site can be copied, reproduced or published on any platform without permission. Legal action will be taken against those who use the code, design, text, graphics and all other content of Kriptokoin.com in violation of intellectual property law and relevant legislation.