dRdefRes
Lido logo

Lido

Tier 1

lido

Liquid Staking
EthereumMoonbeamMoonriverSolanaTerra

Liquid staking for Ethereum and Polygon. Daily staking rewards, no lock ups.

6.9Safety Score70% confidence

Latest TVL

$18.86B

DeFiLlama · updated 5/20/2026

Audits

5

reports collected

Findings

71

across all audits

Last Updated

5/21/2026

Analyzed

Analysis Overview

🏗️

Protocol Overview

Lido is a liquid staking protocol where users stake ETH and receive stETH tokens that accrue daily staking rewards with no lock-up. It anchors approximately $18.86 billion in TVL across Ethereum and four other chains, making it systemically important for Ethereum's proof-of-stake consensus. Lido V3 introduces isolated staking vaults managed through VaultHub, LazyOracle, and PinnedBeaconProxy. Key risks include oracle dependency for vault state, node operators with no on-chain stake, complexity of the quarantine mechanism, and V3 code that was not live at time of audit.
🔒

Code Security

7.5/10
Lido has undergone five audits, with the primary Consensys Diligence review of V3 identifying 43 findings (2 critical, 5 major, 18 medium, 18 minor). Both critical findings — a PinnedBeaconProxy constructor exploit and a compound quarantine bypass enabling uncollateralized stETH minting — were fixed. Five Cyfrin audits covering circuit breaker and vault middleware found no high-severity issues. The score of 7.5/10 reflects strong security investment (10-week audit, formal verification, continuous fuzzing) but is tempered by high finding density, four acknowledged residual findings, and V3 code not yet live at audit time.
💰

Economic Security

7.0/10
Lido holds $18.86B in TVL with a dual-layer oracle system using a 2-day freshness window as its primary safeguard. Multiple critical and major oracle findings (quarantine bypass, stale report reuse, missing freshness checks) were all fixed before production. Vault isolation mitigates flash loan risk, but cross-vault debt socialization via VaultHub creates contagion potential. stETH is integrated across hundreds of DeFi protocols, making depeg events a systemic risk. Score: 7.0/10.
👥

Team & Transparency

6.5/10
Lido is operated as a DAO with no disclosed legal entity or named team, typical of DeFi but limiting accountability assessment. The protocol has operated since 2020 and carries $18.8B in TVL, indicating market trust. Five audits including tier-1 Consensys Diligence and multiple Cyfrin reviews demonstrate serious security investment. The team responded professionally, fixing all critical and major findings. Score: 6.5/10. The workspace lacks team composition data, governance documents, and community metrics, preventing full social assessment.
🗳️

Governance

5.0/10
Lido uses a hybrid DAO model where LDO token holders vote on proposals while the DAO Agent holds immutable admin control over critical contracts. Pausers run via multisig with a heartbeat liveness mechanism. The immutable ADMIN with no transfer mechanism means CircuitBreaker must be redeployed if the agent address needs to change, creating a potential liveness gap. Single-pauser-per-pausable design means emergency pause coverage drops to zero during heartbeat expiry before admin re-registration. Core contracts remain upgradable via governance. Score: 5.0/10.
🔗

Cross-Analysis

Six compound attack vectors emerge when findings are combined across domains. The most likely failure mode is stETH depeg during market stress (historically self-correcting) with MEV extraction and redemption queue congestion. The worst case chains oracle manipulation, DAO Agent compromise, and vault debt socialization into a cascading failure affecting Ethereum DeFi broadly. Systemic risks include stETH composability across hundreds of DeFi protocols, shared LDO governance across five chains, and a four-acknowledged-finding residual that includes an explicit audit recommendation to delay V3 production.

Executive Summary

Executive Summary: Lido

Safety Rating: YELLOW_GREEN

Overall Score: 6.9/10 | Confidence: 0.70 | Data Completeness: 0.50 "Lido's composite risk profile reflects a mature, battle-tested protocol operating at systemic scale ($18.86B TVL, tier 1 classification) with meaningful security investments (5 audits, formal verification, fuzzing)"

Scores by Dimension

DimensionScoreKey Finding
Code Security7.5/10Two critical findings (PinnedBeaconProxy and quarantine bypass) were identified and fixed before V3 production; high audit quality with formal verification on CircuitBreaker "Score: 7.5/10"
Economic Security7.0/10$18.86B TVL makes Lido systemically important for Ethereum; vault isolation limits flash loan risk but cross-vault debt socialization creates residual contagion "Score: 7.0/10"
Team Transparency6.5/10Strong security transparency via 5 professional audits with documented remediation, but no team information or social media data available in workspace "Score: 6.5/10"
Governance5.0/10Hybrid DAO model with immutable ADMIN and single-pauser design creates liveness gaps; trust-based role model without on-chain accountability "Score: 5.0/10"
Track Record7.5/105 audits with 88% fix rate (38/43 findings resolved); operating since 2020 with tier-1 protocol status and professional engagement with tier-1 auditors "The available audit data shows Lido V3 underwent extensive security review"

What This Protocol Does

Lido is a liquid staking protocol that enables users to stake Ethereum and receive stETH tokens that accrue daily staking rewards with no lock-up periods. Lido V3 introduces isolated staking vaults where any user can deploy and control their own vault, with ETH staked to validators whose withdrawal credentials point back to the vault. "Lido is a liquid staking protocol that enables users to stake Ethereum (ETH) and other assets to earn staking rewards while maintaining liquidity"

Key Strengths

  • Tier-1 auditor engagement: 10-week Consensys Diligence review plus Cyfrin audits covering circuit breaker, vault middleware, and formal verification demonstrate serious security investment "Tier 1 auditor engagement (Consensys Diligence, 10+5 weeks)"
  • High audit fix rate: 38 of 43 findings from the primary Consensys audit were fixed; remaining 4 are acknowledged design decisions rather than vulnerabilities "39 of 43 findings are marked Fixed or Partially Addressed"
  • Vault ossification option: StakingVault supports ossification, allowing vault owners to lock implementation permanently once satisfied for progressive decentralization "StakingVault supports ossification, allowing vault owners to lock implementation permanently"
  • Formal verification: Certora Prover verified 38/41 properties on CircuitBreaker, providing mathematical guarantees on critical emergency mechanisms "41 properties verified using Certora Prover; 38/41 verified"
  • Full ETH backing: stETH maintains a direct 1:1 ETH backing claim, avoiding reflexive minting/burning spirals that plague algorithmic protocols "stETH maintains a direct 1:1 ETH backing claim"

Key Risks

  • Cross-vault debt socialization: The socializeVaultDebt mechanism in VaultHub creates inherent economic coupling where healthy vaults absorb liabilities from defaulted ones, creating adverse selection risk "The `socializeVaultDebt` mechanism in VaultHub creates inherent cross-vault economic coupling"
  • Governance centralization: Immutable ADMIN with sole authority over pauser assignment and no transfer mechanism creates single point of failure "No admin transfer mechanism — ADMIN is immutable"
  • Heartbeat liveness gap: CircuitBreaker's single-pauser design means zero emergency pause coverage between heartbeat expiry and admin re-registration "between heartbeat expiry and admin re-registration, the pausable contract has zero emergency pause coverage"
  • stETH composability risk: stETH integrated across hundreds of DeFi protocols creates contagion pathways for both stETH inflation and depeg scenarios "stETH is integrated across hundreds of DeFi protocols"
  • Oracle complexity: Permissionless updateVaultData combined with multi-layer oracle architecture introduces residual surface for manipulation "The LazyOracle's permissionless `updateVaultData` means oracle integrity relies entirely on upstream HashConsensus report correctness"

Critical Findings

  • Quarantine bypass + DAO Agent compromise (Vector 1): A compound attack combining residual oracle freshness bypass and DAO Agent control over pauser assignment could enable uncollateralized stETH inflation at scale "Bypassing Quarantine and Reusing Same Report Allows Minting Uncollateralized stETH Critical"
  • V3 audit "delay production" recommendation: Consensys explicitly recommended delaying V3 production deployment; the core V3 vault system had not been live at audit time "We recommend delaying production deployment and ensuring continued engagement with the bug bounty program"
  • No team information available: Workspace lacks any team composition, legal structure, or key member backgrounds—standard for DeFi but limits accountability assessment "No team information available in the current data workspace"

Recommendation

Lido is suitable for risk-tolerant users seeking Ethereum staking yield who understand that they are interacting with a systemically important DeFi protocol carrying governance and oracle complexity risks. The protocol demonstrates strong security investment through multi-round audits and formal verification, and its $18.86B TVL reflects institutional trust. However, users with low risk tolerance should note the governance weaknesses (immutable ADMIN, single-pauser design) and the CircuitBreaker liveness gaps that create documented emergency response windows. The cross-vault debt socialization model means vault owners are not fully isolated from systemic risk despite the marketed isolation architecture. Users concerned about governance risk should wait for the V3 code to operate under extended live conditions and for governance documentation (timelock duration, LDO distribution) to be made publicly available.

Report Sections

  • Protocol Overview
  • Code Security
  • Economic Security
  • Social & Team
  • Governance
  • Cross-Risk Analysis

Vulnerability Findings

Critical2High5Medium16Low36Info12

Audit Reports (5)

AuditorTierStatusDiscoveredLink
Consensys Diligencetier_1completed1/1/1999View ↗
Unknowncompleted1/1/1999View ↗
Unknowncompleted1/1/1999View ↗
Unknowncompleted1/1/1999View ↗
Unknowncompleted1/1/1999View ↗