Rocket Pool delays launch after vulnerability discovered by rival

Rocket Pool delays launch after vulnerability discovered by rival

Eth2 staking provider Rocket Pool has postponed its launch after a possible exploit was identified in the protocol’s code.

On Oct. 6, Rocket Pool announced the postponement while the team implements a fix for the bug. Rocket Pool tweeted that “relatively minimal” changes are required to patch the vulnerability and that a new launch date will be announced soon.

1/ Yesterday our bug bounty program helped discover an exploit that also affected other staking providers, as a result we are postponing launch to implement a fix.

We would like to extend our warmest thanks to @tsudmi for raising the exploit.

— Rocket Pool (@Rocket_Pool) October 5, 2021

Rocket Pool was alerted to the vulnerability by Dmitri Tsumak, the founder of rival staking provider StakeWise.. After Rocket Pool confirmed the bug was valid, the two teams notified another Eth2 staking project, Lido, that the vulnerability also posed a risk to its protocol as well.

Lido acknowledged the bug via Twitter on Oct. 5, proposing a vote to lower staking limits for all node operators in a bid to minimize the risk posed to the protocol. Lido described the potential impact of the exploit as “low,” adding that “the vulnerability can only be exploited by the currently whitelisted Lido node operators.”

“A long-term fix is being developed in parallel and more information will be shared when it is out of a draft stage,” the team added.

StakeWise publicly announced Tsumak’s role in identifying and reporting the possible exploit to its rivals, asserting: “Even when dealing with our competitors, the more secure we are collectively, the stronger the entire ETH2 staking ecosystem becomes.” Rocket Pool also tweeted a commitment to shared network security.

5/ At StakeWise, we believe that even when dealing with our competitors, the more secure we are collectively, the stronger the entire #ETH2 staking ecosystem becomes. To achieve this, we must communicate and watch each other's backs.

— StakeWise (@stakewise_io) October 5, 2021

Eth2 staking services

As Ether deposited to the Eth2 staking contract cannot be withdrawn until Ethereum’s forthcoming chain merge has been completed, many investors have turned to providers offering liquid staking services. Liquid staking allows tokens representing the value of staked assets to be utilized in decentralized finance without requiring the underpinning assets to be unstaked. Eth2 staking services also enable users with less than the 32 ETH minimum, to stake in pools.

Related: Staking on Ethereum 2.0, explained

According to StakingRewards, Eth2 currently ranks as the third-largest Proof-of-Stake network with a staked capitalization of $27.3 billion despite only 6.55% of supply being locked up.

By contrast, more than 70% of the circulating supply of the two-largest networks by staked capital has been locked up, with the $60.5 billion worth Solana (SOL) and $51 billion worth of Cardano (ADA) currently staked representing 77% and 70.5% of the projects’ respective circulating supplies.

Source Link