Security Disclosures
A reverse-chronological (most recent first) record of security-related disclosures and post-mortem reports published by Lido. For details on impact, root cause, and resolution, refer to the linked reports. Dates reflect when the report was published. Disclosures and outage reports related to node operators can be found on research.lido.fi.
| Date | Type | Severity | Title | Links |
|---|---|---|---|---|
| 2026-03-23 | Bug Bounty | Low | Batched Immunefi-reported Weakness Disclosure | Forum |
| 2025-08-01 | Bug Bounty | High | CSVerifier Weak Validation of Historical Block GIndex | Forum |
| 2025-07-21 | Bug Bounty | Moderate | DG Weakness Reported Through Immunefi | Forum |
| 2025-07-01 | Bug Bounty | Low | NOR / SDVT Recovery-Lever Weakness | Forum |
| 2025-05-11 | Incident | High | Chorus One Oracle Compromise (Emergency Rotation) | Forum |
| 2023-07-05 | Incident | Low | Delayed Oracle Report | Blog |
| 2023-01-24 | Incident | High | bETH Anchor Integration Incident | Blog ยท Forum |
| 2023-01-03 | Incident | Low | Missed Oracle Reports / Rewards Delay | Blog |
| 2022-03-01 | Bug Bounty | Critical | UI Code Injection Vulnerability | Blog |
| 2021-10-06 | Bug Bounty | High | Deposit Contract Vulnerability | Blog ยท Forum ยท Medium |
Severity levels: Critical โ potential loss of staker funds or critical system compromise. High โ significant impact, may affect funds under specific conditions. Moderate โ limited impact, staker funds not at risk. Low โ minimal impact, informational or theoretical.
Last updated: 24 Mar 2026