Eth2 staking provider Rocket Pool has postponed its launch after a possible exploit was identified in the protocol’s code.
On Oct. 6, Rocket Pool announced the postponement while the team implements a fix for the bug. Rocket Pool tweeted that “relatively minimal” changes are required to patch the vulnerability and that a new launch date will be announced soon.
Rocket Pool (@Rocket_Pool), October 5, 2021: “1/ Yesterday our bug bounty program helped discover an exploit that also affected other staking providers, as a result we are postponing launch to implement a fix. We would like to extend our warmest thanks to @tsudmi for raising the exploit.”
Rocket Pool was alerted to the vulnerability by Dmitri Tsumak, the founder of rival staking provider StakeWise. After Rocket Pool confirmed the bug was valid, the two teams notified another Eth2 staking project, Lido, that the vulnerability also posed a risk to its protocol.
Lido acknowledged the bug via Twitter on Oct. 5, proposing a vote to lower staking limits for all node operators in a bid to minimize the risk posed to the protocol. Lido described the potential impact of the exploit as “low,” adding that “the vulnerability can only be exploited by the currently whitelisted Lido node operators.”
“A long-term fix is being developed in parallel and more information will be shared when it is out of a draft stage,” the team added.
StakeWise publicly announced Tsumak’s role in identifying and reporting the possible exploit to its rivals, asserting: “Even when dealing with our competitors, the more secure we are collectively, the stronger the entire ETH2 staking ecosystem becomes.” Rocket Pool also tweeted a commitment to shared network security.
5/ At StakeWise, we believe that even when dealing with our competitors, the more secure we are collectively, the stronger the entire #ETH2 staking ecosystem becomes. To achieve this, we must communicate and watch each other's bac...