Lido node operator InfStones agrees to rotate validator keys after vulnerability disclosure


Lido node operator InfStones agrees to rotate validator keys after vulnerability disclosure

InfStones, a key node operator for Lido Finance, is set to temporarily withdraw its Ethereum validators from the liquid staking protocol and implement key rotations in response to a significant vulnerability revealed by dWallet Labs’ security researchers.

The vulnerability, linked to the open-source library Tailon, was reported to InfStones in July 2023 and has since been resolved. Nonetheless, this event has led to the adoption of preventative security measures.

As the largest liquid staking protocol on Ethereum, Lido oversees 9.23 million ether, with a market value exceeding $19 billion. The protocol enables users to deposit ETH and participate in network staking through validator nodes, which in turn issue a derivative token to users as a representation of their staked deposit. A network of contributors, known as operators, is responsible for running these ETH validator nodes, providing the requisite IT infrastructure and servers necessary for their operation.

Lido Finance confirmed the vulnerability was related to potential root-level access that impacted 25 of InfStones’ validator servers. Lido clarified, however, that there’s no evidence of any key leakage or exploitation as a result of this issue.

“To clarify: There is currently no indication of key leakage or compromise, and the vulnerability may not affect validators related the Lido protocol,” it said.

In its security report, dWallet Labs alleged the vulnerability could have potentially triggered a security breach impacting the ETH staked through InfStones’ nodes on Lido. Consequently, the firm recommended the rotation of validator keys for all nodes that were possibly exposed to the vulnerability.

InfStones’ response

InfStones said the issue flagged by dWallet only affected a small part of its infrastructure, with less than 0.1% of its systems via a specific network port on its network that had the issue. As such it implied the affected validator nodes was a small number.

“The instances (servers) identified in production constitute a fraction below 0.1% of the live nodes we have launched to date. We found that outside traffic, through a port 55555 opened for Tailon, could imitate viewer privileges and access a portion of the development and testing data,” InfStones said.

Despite the absence of a confirmed key compromise, InfStones has proactively agreed to exit its validators and transition to new keys, pending governance’s approval, Lido Finance added. The ether that was previously staked on the potentially affected validators is planned to be redirected into the Lido protocol for re-staking, ensuring its continuity and stability.


Leave A Reply

Your email address will not be published.