Lido: CSM-related vulnerability has been fixed, and the vulnerability was not exploited

ChainCatcher reports that Lido has published a security disclosure on the X platform: vulnerabilities related to Lido CSM and the permissionless validator contract used to verify validator withdrawals have been reported and fixed.

The vulnerability was not exploited, and no CSM node operators were affected. stETH holders were also not impacted. As part of the remediation, the vulnerability was addressed through an oracle mitigation solution (disabling the bond burning function) and the implementation of DAO Proposal No. 190.

Lido has paid a bug bounty to the white-hat hacker who disclosed the issue through the Lido×Immunefi program.