Lido Internal Security Audit
3e6cb88e-8928-4400-a8a0-f7d7fbe258fb_Primev_audit.pdf (1.3 MB)
Terms and Conditions
Lido Governance PERCH Proposal: Request for Node Operators to opt-in to mev-commit

Lido validator participation in mev-commit can be enabled through two key mechanisms:
- Lido Reputation Vault – allowing reputable operators to onboard with minimal collateral requirements while ensuring accountability.
- Lido Rewards Router – enabling Lido to define and enforce an on-chain, verifiable framework for distributing rewards (e.g. directly to stETH holders).

Together, these provide a safe, flexible, and governance-conforming path for Lido operators to participate in mev-commit while keeping incentives transparent and aligned with Lido’s goals.
APMC
Participant | Comments | Vote (Y/N) |
Gabriella | I worked on the final proposal with the Primev team and believe the terms provide a safe and viable avenue for Lido Node Operators to opt into the APM, delivering value to all parties involved | Y |
Ivan | | |
Drew | I would support Primev, under the assumptions that the Lido team has performed a full security assessment and there are at least 5-10 NOs who have tested Primev in both Hoodi and mainnet without any issues in the last few weeks. I would also caution rolling this out until the next hardfork and making sure there is stability. Also would encourage making sure there are proper comms in place that if something goes wrong the Lido team can quickly react. For what it is worth, I did ask a few NOs for their views and they all have the same posturing, “we aren’t sure it will work but we want to support it.” Somewhat shows the value may not be there but a sentiment towards it being important to try and support. | Y |
Fredrik | The good thing is there is no history of incidents on mainnet and testnets, and that this gives more diversity in the PBS pipeline. If the following is acceptable by the ecosystem (from the audit report) then I guess it’s fine: “Protocol is heavily centralized, all major parts are controlled only by Primev (w/heavy licensing restrictions). There were almost no security audits, only on-chain parts were somewhat covered (but not off-chain parts). Considering that project exists since mid-2024, current code base looks very hacky & messy (everything is just PoC?” | Y |
Kam | It does seem that operators are interested in exploring/testing Primev, but the value still has to be proven. | Y |
Sébastien | Mev-commit's approach is pragmatic and simple in terms of infrastructure as it re-uses the existing PBS pipeline; this is an advantage as most operators are familiar with it and I don't expect a lot of issues on the operational side here. On top of this, it has been live on mainnet for long enough to build confidence on this side from my perspective. The economic model is unclear though, especially in the longer run when block reward incentives fade out, so a word of caution on this side. | Y |
Justin (non-voting) | | |