Wednesday, February 19, 2025

Lido DAO Implements Enhanced Oracle Protection with LIP-23 Deployment


KEY TAKEAWAYS

  • Lido DAO has implemented LIP-23, enhancing security with a Negative Rebase Sanity Check and a pluggable Second Opinion system.
  • The integration of trustless oracle data providers, like Succinct Labs, aims to prevent significant negative rebases and protect DeFi protocols using stETH.
  • New measures include stricter sanity check parameters and trustless verification through ZK Oracle technology, ensuring robust protection for stETH holders.
  • The deployment represents a major step in Lido’s commitment to secure protocol development, with future integrations planned for enhanced oracle verification.

Following a successful vote by LDO token holders, Lido DAO contributors have deployed LIP-23, known as the Negative Rebase Sanity Check with a pluggable Second Opinion system. This new layer introduces additional safeguards through strict verification of AccountingOracle reports. It also plans to integrate trustless oracle data providers, anticipating a solution from Succinct Labs, funded through a LEGO grant and based on SP1 zkVM.

The integration of stETH across decentralized finance (DeFi) protocols has increased the importance of robust and reliable oracles. The Lido protocol relies on an Oracle committee to report external data, including validator balances on the Consensus Layer, which directly affects stETH token value through rebasing. A compromised AccountingOracle could trigger significant negative rebases, potentially causing cascading liquidations in DeFi protocols where stETH is used as collateral, leading to broader market turbulence.

Introducing ZK-Verified Oracle Protection

The Lido protocol has deployed a comprehensive system that introduces strict mathematical limits on negative rebases while establishing a framework for pluggable, trustless external oracles that report balances. This supports the upcoming Succinct SP1 solution, which is currently being tested on the Sepolia testnet and on Mainnet in isolation from the protocol. This dual approach ensures that any changes to user balances are both limited in scope and trustlessly verified.

The system achieves this through multiple layers of protection:

1. Stricter Sanity Check Parameters: The system changes the AccountingOracle sanity check parameters from a 5% daily limit on the decrease of Consensus Layer validator balance and withdrawal vault balance to a maximum of approximately 3.4% over an 18-day window, equivalent to a 1.101 ETH decrease per validator. This calibration minimizes potential losses of user assets while still allowing normal validator operations and reports of necessary penalties to go through.

2. Trustless Verification: Succinct Labs’ ZK Oracle implementation on SP1 zkVM provides trustless verification by independently calculating validator balances and generating zero-knowledge proofs. This cryptographic solution serves as a “second opinion” to verify AccountingOracle reports whose data would cause a negative rebase.

3. Smart Contract Safeguards: The system enforces carefully calibrated parameters through smart contracts, delivering key benefits to stETH holders and DeFi users. It offers stronger protection against negative rebases through mathematical limits and enhanced stability for stETH positions across DeFi applications, all while requiring no changes to how users interact with the protocol.

Rigorous Security and Future Integration

The deployment follows a two-stage process:

Stage 1: Negative Rebase Protection (Currently Live on Mainnet) – When the Oracle committee submits a report that would result in a negative rebase.

Stage 2: Second Opinion Integration (Upcoming) – When second opinion capabilities are activated.

The 0.5% error tolerance limit was carefully calibrated based on current protocol TVL and validator economics. At current TVL levels, an attack would require activating approximately 1,500 validators, making manipulation both extremely costly and ultimately unprofitable. Furthermore, with triggerable withdrawals soon available on Ethereum through EIP-7002, such an attack becomes even more impractical as forged validators could be forced to exit.
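The windowed limit and the second-opinion check described above can be modelled in a few lines. This is an added example, not Lido's SanityChecker contract: the `Report` fields, the way losses are summed across the window, rejection when no verifier is plugged in, and applying the 0.5% tolerance to the gap between the report and the second opinion are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

GWEI = 10**9
WINDOW_DAYS = 18                         # window length stated in the article
MAX_LOSS_PER_VALIDATOR = 1_101_000_000   # 1.101 ETH in gwei, from the article
TOLERANCE_BP = 50                        # the article's 0.5% error tolerance

@dataclass
class Report:
    day: int          # report day index (hypothetical field)
    validators: int   # active validator count
    cl_balance: int   # CL validator + withdrawal vault balance, in gwei

def window_loss(reports: List[Report], today: int) -> int:
    """Sum of balance decreases between consecutive reports inside the window."""
    return sum(max(0, a.cl_balance - b.cl_balance)
               for a, b in zip(reports, reports[1:])
               if today - b.day < WINDOW_DAYS)

def check_report(history: List[Report], new: Report,
                 second_opinion: Optional[int] = None) -> str:
    """Return 'accept' or 'reject' for a new report (simplified model)."""
    if new.cl_balance >= history[-1].cl_balance:
        return "accept"                  # no negative rebase, nothing to limit
    loss = window_loss(history + [new], new.day)
    if loss <= MAX_LOSS_PER_VALIDATOR * new.validators:
        return "accept"                  # within the windowed limit
    if second_opinion is None:
        return "reject"                  # assumed behaviour with no verifier plugged in
    # Assumption: the second opinion must agree with the report within 0.5%.
    diff = abs(second_opinion - new.cl_balance)
    return "accept" if diff * 10_000 <= TOLERANCE_BP * second_opinion else "reject"

# Constructed sample: 1,000 validators, 800 ETH already lost in the window.
HISTORY = [Report(0, 1000, 32_000 * GWEI),
           Report(1, 1000, 31_600 * GWEI),
           Report(2, 1000, 31_200 * GWEI)]

if __name__ == "__main__":
    big = Report(3, 1000, 30_800 * GWEI)   # pushes windowed loss to 1,200 ETH
    print(check_report(HISTORY, Report(3, 1000, 31_000 * GWEI)))     # within limit
    print(check_report(HISTORY, big))                                 # over limit
    print(check_report(HISTORY, big, second_opinion=30_850 * GWEI))   # verifier agrees
    print(check_report(HISTORY, Report(20, 1000, 30_800 * GWEI)))     # old losses aged out
```

The model ignores deposits and withdrawals between reports, so it shows only how a cumulative per-validator cap over a sliding window differs from a per-report percentage cap.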

Succinct Labs’ ZK Oracle implementation on SP1 achieves significant efficiency on Mainnet test runs. More details will be provided on the Lido research forum later.

This deployment represents a significant milestone in contributors’ ongoing commitment to protocol development and protection. The integration of Succinct Labs’ ZK Oracle built on SP1 zkVM technology should demonstrate how advanced cryptography enhances liquid staking protocols. The next major step will be the integration of Succinct Labs’ ZK Oracle on SP1 zkVM technology as a second opinion verifier. This integration will require its own process, including a separate LDO token holder vote after comprehensive testing, technical security audits, and several months of parallel running alongside existing systems before it can be connected to the SanityChecker contract.

For more information, the official announcement can be found here.


Neel Kapoor
Neel Kapoor is a dedicated cryptocurrency enthusiast and blockchain expert at Coinsholder.com. With over a decade of experience, Neel offers insightful analysis and commentary on the latest trends and innovations in the crypto space. His clear and concise writing makes complex topics accessible to all readers.
