AI Fake Detection: Lido Assures LDO StETH Tokens Remain Safe Despite Flaw in Token Contract
Lido assures LDO, stETH tokens remain safe despite flaw in token contract

AI Fake Detection for Crypto Security

Ethereum staking protocol Lido Finance has assured both Lido DAO (LDO) and staked-Ether (stETH) tokens remain secure despite reports of hackers exploiting a known security flaw in LDO’s token contract.

Lido did not confirm any exploits, but acknowledged the security flaw was known and reassured LDO and stETH funds are safe in response to a Sept. 10 post by blockchain security firm SlowMist.

SlowMist said LDO’s flawed token contract allows malicious actors to execute “fake deposit” attacks on exchanges because LDO’s token contract enables users to transact even without sufficient funds. This code deviates from the Ethereum Request for Comment 20 (ERC-20) token standard, according to SlowMist.

However, Lido Finance argued the flaw is built into all ERC-20 tokens — not just Lido’s LDO token — and highlighted the need for AI fake detection to improve crypto security.

AI-Generated Fake Attacks on LDO Token Contract

SlowMist has reported that the “fake deposit” attacks on LDO’s token contract are due to the execution of transfers with a value larger than the user’s actual ownership, resulting in a false return instead of reverting the transaction. Although the firm stated that the token contract has recently been exploited, no on-chain evidence was provided. Cointelegraph contacted SlowMist for comment but did not receive a response.

On-chain analyst “Hercules” mentioned on Sept. 10 that cryptocurrency exchanges may not detect the security flaw. SlowMist advises LDO holders to check the return values of the token contract transfers in addition to the success or failure of a transaction.

AI and Fake Detection for Crypto

The blockchain security firm concluded that token contract implementations and behaviors vary by project and that comprehensive testing is necessary before integrating any new tokens.

Vitalik Buterin’s Ethereum Improvement Proposal document, co-authored in November 2015, states that both the “transfer” and “transferFrom” functions must return the transfer status and are only recommended to revert a transaction in exceptional cases.

To address the security issue, Lido has confirmed that the LDO token integration guides will soon be updated with AI fake detection for crypto.

Categorized in:

Tagged in: