1.4 ETH Theft Incident: Analyzing How Lido Achieves Risk Isolation Through Decentralization Design
Author: @IsdrsP (Lido Validator Node Supervisor)
Compiled by: Nicky, Foresight News
In the early morning of May 10, oracle service provider Chorus One revealed that a hot wallet of Lido's oracle was hacked, resulting in the theft of 1.46 ETH. However, according to security audits, this isolated incident has limited impact, as the wallet in question was originally designed for lightweight operational purposes.
An oracle being attacked sounds really bad. However, Lido's architectural design, the value philosophy of stakeholders, and a security-oriented contributor culture mean that the impact of such events is extremely limited — even if the oracle is completely compromised, it will not result in catastrophic consequences.
So, what exactly is unique about Lido?
Thoughtful design and layered protection mechanisms
Lido's oracles are responsible for transmitting information from the consensus layer to the execution layer and reporting protocol dynamics. They do not control user funds. A single faulty oracle will only cause minor issues, and even if the quorum is compromised, it will not lead to catastrophic consequences.
What malicious actions might a single compromised oracle attempt?
A) Submit a malicious report (which will be ignored by the honest oracles);
B) Exhaust the ETH balance of that specific oracle address (this address is only used for operational transactions and does not hold staker funds).
What responsibilities does the oracle actually bear?
The Lido oracle is essentially a distributed mechanism composed of 9 independent participants (requiring 5/9 to reach consensus), primarily responsible for reporting the protocol state, with current core functions including:
• Token inflation rewards distribution (rebase)
• Withdrawal process handling
• Validator exit and performance monitoring, for reference by the CSM (Community Security Module).
These oracles submit "reports" of the state they observe to the protocol. These reports are used to calculate the daily cumulative rewards or penalties, update stETH balances, process and ultimately confirm withdrawal requests, calculate validator exit requests, and measure validator performance.
Essentially, the Lido oracle is different from what people usually understand as "multi-signature." The oracle cannot access the funds of stakers and the protocol, nor can it control any protocol contract upgrades, let alone upgrade itself or manage membership. Instead, the Lido DAO maintains the oracle list through voting.
The functionality of the oracle is extremely limited — it can only perform the following operations: submit reports that strictly adhere to deterministic, audited, and open-source algorithms designed for different protocol objectives; execute transactions under specific circumstances to implement the results of the reports (e.g., the daily rebase operation of the protocol).
What would happen if 5 out of 9 oracles were breached? In this case, the breached oracles may collude to submit malicious reports, but any report must pass protocol plausibility checks enforced on-chain.
If a report violates these plausibility checks, it will take longer to be "settled" (and may never be), as the values in the report must fall within the allowable range of value changes for a specific period (several days or weeks).
In the worst-case scenario, this could mean that a stETH rebase (whether positive or negative) takes longer to take effect, which would impact stETH holders, but the effect on most holders is minimal unless someone is using stETH with leverage in DeFi.
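The quorum and plausibility-check behaviour described above, as an added example that is not part of the original article or Lido's code: a simplified Python model of report acceptance. The 5-of-9 quorum comes from the article; the member names, balances and the 10-basis-point change bound are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

QUORUM = 5            # 5 of 9 members, as stated in the article
MAX_CHANGE_BP = 10    # assumed per-report bound in basis points, illustrative only

@dataclass(frozen=True)
class Report:
    ref_slot: int      # consensus-layer slot the report refers to
    total_pooled: int  # reported protocol balance (constructed units)

def quorum_report(submissions, members):
    """Return the report backed by at least QUORUM distinct members, else None."""
    votes = Counter(r for sender, r in submissions.items() if sender in members)
    if not votes:
        return None
    report, count = votes.most_common(1)[0]
    return report if count >= QUORUM else None

def plausible(prev_total, report):
    """Plausibility check: the reported change must stay within the allowed range."""
    return abs(report.total_pooled - prev_total) * 10_000 <= prev_total * MAX_CHANGE_BP

def process(prev_total, submissions, members):
    """Apply a report only if it has quorum and passes the plausibility check."""
    report = quorum_report(submissions, members)
    if report is None:
        return ("no_quorum", prev_total)
    if not plausible(prev_total, report):
        return ("held_by_sanity_check", prev_total)
    return ("applied", report.total_pooled)

def run_scenarios():
    members = {f"oracle{i}" for i in range(1, 10)}         # 9 constructed member ids
    prev = 1_000_000
    honest = Report(ref_slot=100, total_pooled=1_000_300)  # +3 bp, within range
    forged = Report(ref_slot=100, total_pooled=2_000_000)  # +100%, out of range
    def subs(n_forged):
        ids = sorted(members)
        return {m: (forged if i < n_forged else honest) for i, m in enumerate(ids)}
    return {
        "one_compromised": process(prev, subs(1), members),
        "five_compromised": process(prev, subs(5), members),
        "non_member_only": process(prev, {"not_a_member": forged}, members),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

With one compromised member the honest report still reaches quorum and is applied; with five colluding members the forged report reaches quorum but is held by the plausibility check, so the recorded balance does not change.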
There are also other possibilities: if malicious oracles and their accomplices possess certain information or have the ability to cause large penalties (such as large-scale slashing) at the consensus layer, they may exploit the delay in the stETH update on the execution layer to gain economic benefits.
For example, if large-scale slashing occurs, some people may sell part of their stETH on decentralized exchanges (DEX) before the negative rebase takes effect. However, this will not affect withdrawals initiated directly by users through Lido, as the protocol's "emergency mode" (bunker mode) will be activated to ensure the withdrawal process is executed fairly.
Instant and complete transparency
From start to finish, all participants in the Lido ecosystem, whether contributors, node operators, or oracle operators, prioritize transparency and goodwill, ensuring the rights of stakers and the healthy development of the entire ecosystem.
Whether it is actively publishing detailed post-incident analysis reports, compensating for staking losses caused by infrastructure downtime, proactively exiting validators as a precaution, or quickly releasing comprehensive incident reports, these participants always regard transparency as a top priority.
Continuous iteration and upgrading
Lido is always at the forefront of technology research and development, committed to using zero-knowledge proof (ZK) technology to enhance the security and trustlessness of oracle mechanisms. As early as the initial stages, the team invested over $200,000 in special funds to support trustless verification of consensus layer data through zero-knowledge proof technology.
These explorations of technology ultimately led to the official launch of the SP1 zero-knowledge oracle "Double Verification" mechanism developed by the SuccinctLabs team within the year. This mechanism provides an additional security verification layer for potential negative rebase operations through verifiable consensus layer data.
Currently, this type of zero-knowledge technology is still in the development stage. The related zero-knowledge virtual machines (zkVM) not only need to undergo practical testing but also have limitations such as slower computation speed and higher computational costs, and cannot completely replace trusted oracles. However, in the long run, these solutions are expected to become a trust-minimized alternative to existing oracles.
Oracle technology is highly complex and has various application scenarios in the DeFi field. In the Lido protocol, oracles are carefully designed as core components, significantly reducing the impact of potential risks through an effective decentralized architecture, a separation of duties mechanism, and a multi-layer verification system.