Behind the 1.4 ETH theft: Lido's security mechanism teaches the industry a lesson

In the early morning, an attacker compromised one address in the Lido oracle multi-signature set and gave themselves away after stealing 1.4 ETH. Does the theft have any substantial impact on Lido?

Written by: @IsdrsP (Lido Validator Node Manager)

Compiled by: Nicky, Foresight News

On May 10th, the oracle service provider Chorus One disclosed that a hot wallet of the Lido oracle was hacked, resulting in the theft of 1.46 ETH. However, according to security audits, this isolated incident has limited impact, as the wallet in question was originally designed for lightweight operational purposes.

An attack on an oracle does sound alarming. However, Lido's architectural design, the values of its stakeholders, and a security-oriented contributor culture mean that the impact of such events is extremely limited: even if an oracle is completely compromised, it will not lead to catastrophic consequences.

So, what exactly makes Lido unique?

Thoughtful Design and Layered Protection Mechanism

Lido's oracles are responsible for transmitting information from the consensus layer to the execution layer and reporting protocol dynamics. They do not control user funds. A single faulty oracle will only cause minor issues, and even if the quorum is compromised, it will not result in catastrophic consequences.

What malicious actions might a single compromised oracle attempt?

A) Submit a malicious report (which will be ignored by the honest oracles);

B) Drain the ETH balance of that specific oracle address (this address is used solely for operational transactions and does not hold stakers' funds).

What responsibilities do the oracles actually bear?

The Lido oracle is essentially a distributed mechanism composed of 9 independent participants (with 5/9 required for consensus). It is mainly responsible for reporting the protocol status, and its current core functions include:

• Token inflation rewards distribution (rebase)

• Withdrawal processing

• Verification of validator exits and performance monitoring, for reference by the CSM (Community Security Module).

The oracles submit "reports" of the state they observe to the protocol. These reports are used to calculate the daily accumulated rewards or penalties, update stETH balances, process and finalize withdrawal requests, count validator exit requests, and measure validator performance.

Essentially, the Lido oracle is different from what people usually understand as a "multi-signature". The oracle cannot access the funds of stakers or of the protocol, nor can it control any protocol contract upgrades, let alone upgrade itself or manage its own membership. Instead, the Lido DAO maintains the list of oracles through voting.

The functionality of the oracle is extremely limited. It can only perform the following operations: submit reports that strictly adhere to deterministic, audited, and open-source algorithms designed for different protocol objectives; and execute transactions in specific circumstances to implement the results of the reports (for example, the protocol's daily rebase).

If 5 out of 9 oracles are compromised, what would be the worst-case scenario? In this case, the compromised oracles may collude to submit malicious reports, but any report must pass the protocol's sanity checks, which are enforced on-chain.

If a report violates these sanity checks, it will take longer to be "settled" (and may never be), because the values in the report must stay within the allowable range of change for a specific time period (a few days or weeks).

In the worst-case scenario, this could mean that something like a stETH rebase (whether positive or negative) would take longer to take effect. That would affect stETH holders, but the effect on most holders would be minimal unless someone is using stETH with leverage in DeFi.

There are also other possibilities: if a malicious oracle and its accomplices possess certain information, or have the ability to cause large penalties (such as large-scale slashing) at the consensus layer, they may exploit the delay in the execution-layer stETH update to seek economic benefits.

For example, if a large-scale slashing occurs, some people may sell part of their stETH on a decentralized exchange (DEX) before the negative rebase takes effect. However, this will not affect withdrawals initiated directly by users through Lido, as the protocol's "emergency mode" (bunker mode) will be activated to ensure that the withdrawal process is executed fairly.
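The two layers described in this section, as an added example rather than Lido's own code: a 5-of-9 quorum over identical reports, followed by a bound on how far the reported balance may move in the elapsed period. The report fields, the hash construction and the 0.10%-per-day limit are assumptions chosen for illustration.

```python
# Added example: simplified model, not Lido's contract code.
import hashlib
import json
from collections import Counter

MEMBERS, QUORUM = 9, 5        # from the article: 5 of 9 must agree
MAX_DAILY_CHANGE_BP = 10      # constructed limit: 0.10% balance change per day

def report_hash(report):
    """Members vote on a hash of the whole report, so any altered field is a different vote."""
    return hashlib.sha256(json.dumps(report, sort_keys=True).encode()).hexdigest()

def reach_quorum(submissions):
    """Return the report backed by at least QUORUM members, else None."""
    if not submissions:
        return None
    votes = Counter(report_hash(r) for r in submissions.values())
    digest, count = votes.most_common(1)[0]
    if count < QUORUM:
        return None
    return next(r for r in submissions.values() if report_hash(r) == digest)

def passes_sanity_check(prev_balance, report, days_elapsed):
    """The reported change must fit the range allowed for the elapsed period."""
    allowed = prev_balance * MAX_DAILY_CHANGE_BP * days_elapsed // 10_000
    return abs(report["total_balance"] - prev_balance) <= allowed

def process(prev_balance, submissions, days_elapsed=1):
    report = reach_quorum(submissions)
    if report is None:
        return "no-quorum"
    if not passes_sanity_check(prev_balance, report, days_elapsed):
        return "held-by-sanity-check"
    return "settled"

# Constructed sample data (not real protocol values).
PREV = 9_000_000
HONEST = {"ref_slot": 100, "total_balance": 9_000_800}
FORGED = {"ref_slot": 100, "total_balance": 9_900_000}

def scenario(n_compromised, days_elapsed=1):
    subs = {f"oracle-{i}": (FORGED if i < n_compromised else HONEST)
            for i in range(MEMBERS)}
    return process(PREV, subs, days_elapsed)

if __name__ == "__main__":
    for n in (0, 1, 5):
        print(n, "compromised ->", scenario(n))
```

With one compromised member the honest report still reaches quorum and settles; with five colluding members the forged report reaches quorum but is held by the range check.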

Instant and Complete Transparency

From start to finish, all participants in the Lido ecosystem, whether they are contributors, node operators, or oracle operators, have prioritized transparency and good faith, protecting the rights of stakers and the healthy development of the entire ecosystem.

Whether it is proactively publishing detailed post-mortem reports, compensating for staking losses caused by infrastructure downtime, voluntarily exiting validators as a precaution, or quickly issuing comprehensive incident reports, these participants always treat transparency as a top priority.

Continuous Iteration and Upgrade

Lido is always at the forefront of technology research and development, dedicated to using zero-knowledge proof (ZK) technology to enhance the security and trustlessness of the oracle mechanism. As early as the initial stages, the team invested over $200,000 in special funds to support trustless verification of consensus layer data through zero-knowledge proof technology.

These explorations ultimately led to the official launch, within the year, of the SP1 zero-knowledge oracle "Double Check" mechanism developed by the SuccinctLabs team. This mechanism provides an additional layer of security verification for potential negative rebases through verifiable consensus layer data.

Currently, this type of zero-knowledge technology is still in the development stage. The related zero-knowledge virtual machine (zkVM) not only needs to be tested in real-world conditions, but also has limitations such as slower computation and higher computational cost, so it cannot fully replace trusted oracles. However, in the long run, solutions of this type are expected to become trust-minimized alternatives to the existing oracles.

Oracle technology is very complex and has various application scenarios in DeFi. In the Lido protocol, the oracle is carefully designed as a core component, and the blast radius of potential risks is significantly reduced through an effectively decentralized architecture, separation of duties, and a multi-layer verification system.
