Lido
DAMASCUSLiquid Staking · Ethereum · $15B+ TVL · 20 contracts
Confidence 85%Z-Factor 0.92Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
843
BRI Score
3004756508251000
Security Profile
Access Control
88
88
Economic Soundness
85
85
Oracle Integrity
92
92
Compositional Risk
80
80
Governance
88
88
Maturity
93
93
Resilience
44
44
Supply Chain
88
88
Op Security
66
66
Cascade Exposure
48
48
Access Ctrl
88
88
Economic
85
85
Oracle
92
92
Compos.
80
80
Govern.
88
88
Maturity
93
93
Resilience
44
44
Supply Ch.
88
88
OpSec
66
66
Cascade
48
48
Min
44
Avg
77
Max
93
Audit History
Bug Bounty Program
$2,000,000
Max payout on Immunefi
Assessment
Dominant liquid staking protocol, 66 months live, no critical exploits. D4 compositional risk (external validator deps, wide DeFi integration) and D2 rebasing complexity prevent top tier.
Dimension Breakdown
How scores work →Access Control
Weight 18%85% conf
88
arrow_forwardStrong
+22Role-based ACL via Aragon framework
+22Curated node operator registry with staking limits
+22Pause/resume capabilities on critical functions
+22Slight centralization in node operator curation
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%84% conf
85
arrow_forwardStrong
+28Rebasing token model adds complexity vs exchange-rate
+28Withdrawal queue handles unstaking flow
-15Slashing risk passed through to stETH holders
+28$15B+ TVL validated through multiple market cycles
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%90% conf
92
arrow_forwardExcellent
+31Internal oracle for stETH/ETH exchange rate
-8No external price feed dependency for core function
+31Oracle committee reports validator balances
+31Rate update bounded by sanity checks
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%93% conf
93
arrow_forwardExcellent
+19Live since December 2020 (66 months)
+19Survived all major market events
+19$15B+ TVL, largest liquid staking protocol
+19Active since ETH Beacon Chain launch
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%85% conf
88
arrow_forwardStrong
+22LDO token voting via Aragon
+22Dual governance mechanism in development
+22Easy Track for routine proposals
+22Gate Seal for emergency pausing
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
44
Concerning
- Score derived from continuous adversarial security research
Operational Security
Weight 10%60% conf
66
arrow_forwardModerate
-8No branch protection detected
-8CI/CD present but unstable (40% success)
+16Commit signing: 100% verified
+16SECURITY.md present (detailed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%78% conf
80
arrow_forwardStrong
+20Staking Router routes to multiple modules (DVT, CSM)
+20Extensive DeFi integration (Curve, Aave, MakerDAO)
+20wstETH wrapper adds composition interface
+20Multiple external validator dependencies
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%65% conf
48
arrow_forwardConcerning
+12Appears in 3 cross-protocol cascade chain(s)
+12Failure cascades to 12 downstream protocol(s)
+12Member of 3 dependency cluster(s)
-52Score: 48/100 (higher = more isolated from systemic risk)
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%90% conf
88
arrow_forwardStrong
+22Standard OpenZeppelin libraries
+22Modern Solidity versions
+22Verified contracts on Etherscan
+22Well-maintained dependency set
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Resilience44
Cascade Exposure48
Operational Security66
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "lido"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("lido")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.