Ethereum staking protocol Lido Finance claims that an apparent flaw in the logic of its token contract is never any longer a cause for effort.

In an X publish on Sept. 10, blockchain security firm SlowMist acknowledged it had identified an operational impart with the LDO Token contract, which it claims has been honest no longer too prolonged in the past exploited by malicious actors for “false deposit” attacks on exchanges.

“Namely, when the LDO token contract executes a transfer operation with a quantity exceeding the actual person’s right holdings, it doesn’t location off the identical outdated transaction rollback. As an different, it merely returns “unfounded” because the final consequence reasonably than indicating a failure,” wrote SlowMist on X.

The incorrect contract supposedly permits a malicious actor to send more LDO tokens to an change than they actually retain – a discrepancy that is also overpassed by many exchanges.

Lido replied to SlowMist’s claims, announcing that the contract’s habits became nothing out of the identical outdated and it conforms to the ERC-20 token usual. The staking platform assured users that both LDO and staked ETH (stETH) remained fetch.

Customarily, the ERC-20 token usual calls for the transfer function to be reversed if the sender lacks enough funds. Although it would possibly well well in point of fact seem that Lido’s contract deviates from this usual, Lido claims that transfer functions are required to advance transfer put aside and revert transactions in mighty cases.

However, one X particular person pointed out that the EIP documentation that Lido referred to stipulates that the transfer needs to be reversed if the transfer quantity exceeds the actual person’s steadiness.

“The exploitation of this security flaw raises broader questions in regards to the reliability of token contracts and adherence to enterprise standards. With the growing complexity of token contracts, the bother of identical vulnerabilities is big,” acknowledged one other particular person on X.