โ† All Bounties
Lido logo

Lido

Liquid staking protocol for Ethereum allowing users to stake ETH without locking assets

ETHDeFi StakingPoC RequiredTriaged
Verified ProgramKYC Not RequiredPoC RequiredTriaged
Max Bounty$2,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains1
Live SinceMay 2021

01Severity & Rewards

02Program Rules

  1. 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
  2. 02KYC is not required for this program. Pseudonymous submissions are accepted.
  3. 03Submissions are triaged by the security team. Expect initial response within 48 hours of submission.
  4. 04Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
  5. 05Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
  6. 06Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
  7. 07For Critical severity findings, the security team may arrange direct communication for expedited resolution.

โœ“ IN SCOPE

  • โ—stETH token contract
  • โ—Withdrawal queue
  • โ—Node operator registry
  • โ—Oracle reporting
CRITICAL FUNCTIONS
submit()handleOracleReport()requestWithdrawals()
HIGH FUNCTIONS
claimWithdrawals()addNodeOperator()setWithdrawalCredentials()

โœ• OUT OF SCOPE

  • โ—Frontend applications
  • โ—wstETH wrapper on L2s
  • โ—Off-chain oracle nodes

โ˜…Protocol Information

๐•Twitterโ†—๐Ÿ’ฌDiscordโ†—โœˆTelegramโ†—โ—‰Redditโ†—
๐Ÿ“ŠRank#143
Resources
โ—†Websiteโ†—๐Ÿ“„Docsโ†—โŒฅGitHubโ†—โœŽBlogโ†—๐Ÿ›กBounty Policyโ†—
Audited By
OpenZeppelin
Certora
Chainsecurity
ChainSecurity
Immunefi
MixBytes
Nethermind
1 Audit Report
Report #1 โ†—
Security Contacts
Securitysecurity@lido.fiContactinfo@lido.fi
Submit Finding โ†’โ† Browse All Programs
Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.