Lido's prompt action on a reported vulnerability underscores its commitment to security, with no impact on users and a bounty awarded to the disclosing hacker.
Lido disclosed and resolved a vulnerability related to its CSM and validator withdrawal contracts, which was reported on August 1st. The vulnerability, which was not exploited, posed no risk to CSM node operators or stETH holders. Remediation measures included disabling the bond burning function and implementing a fix via DAO vote Proposal 190. Lido also awarded a bug bounty to the white hat hacker involved in the disclosure through the Lido×Immunefi project.