Goal: show off the Lido on Ethereum security practices; share insights & gotchas we've discovered / employed so far in the process of making scary changes and operation safe(-ish) Outline 20m — tight timeline Hi I'm Eugene from LoE Disclaimer: this is not "how to solidity securely" kind of talk — that's covered way better elsewhere; what should the team do above that? I'm from Lido on Ethereum: 7.5m ETH staked, 32% of the staked ETH so far What is Lido v2? (v1 + staking router and withdrawals) (this slide gives the audience a helicopter view what is lido and quick intro about v1 -> v2 upgrade)V2 features = 2* V1 features V2 code = 3* V1 code

We've published a short replit from the script parts we're using for preparing the votes: https://replit.com/@VictorSuzdalev/EVMVoteScriptParser#main.py Checking the evm script Start replit. Open https://replit.com/@VictorSuzdalev/EVMVoteScriptParser#main.py Click big green RUN button at the top. The script will start installing dependencies — this takes couple minutes.

StETH rebase design questions Q: Would stETH be considered a "supply elastic" token (like AMPL where supply might increase/decrease to maintain a target value)? Or do holder balances increment simply as a means of distributing staking rewards? A: StETH isn't "supply elastic" in a sense AMPL is, as it's total supply isn't tied to any specific target value. Total supply & holder balances represent the ETH staked with Lido (funds buffered on the Lido smart contract + funds in deposit queue + the amounts staked with Lido Beacon chain validators). The staking rewards are distributed via rebase of the holder balances. The supply and individual balances do change regularly, though. Total supply and individual balances change when: staking rewards are reported by oracles, changes upwards a bit (limited by 10% APR, so about 0,03% per day). Current settings can be checked on the Oracle interface here: https://mainnet.lido.fi/#/lido-dao/0x442af784a788a5bd6f42a01ebe9f287a871243fb/, and the design for the sanity checks is detailed in the proposal: https://github.com/lidofinance/lido-improvement-proposals/blob/develop/LIPS/lip-2.md#sanity-checks-the-oracles-reports-by-configurable-values slashing is reported by oracles, changes downwards, no more than 5% in one day. Never happened. (not implemented) After the merge, when priority fees and MEV earnings are accounted for

Anchor Vault is a smart contract that allows to convert rebasing stETH token into a constant-balance bETH token and periodically send all accrued stETH rewards to the Terra blockchain through a bridge. The bETH token is used as a collateral in the Terra Anchor protocol. The Anchor Vault is deployed & functions already, and was audited by MixBytes() on July, 30th, 2021. The main reason for the audit request is the coming migration from the Shuttle bridge to the Wormhole. The Vault's bridge_connector would be set to BridgeConnectorWormhole contract (to be deployed). Scope of the audit Commit: https://github.com/lidofinance/anchor-collateral-steth/commit/8d52ce72cb42d48dff1851222e3b624c941ddb30 Contracts AnchorVault: https://github.com/lidofinance/anchor-collateral-steth/blob/8d52ce72cb42d48dff1851222e3b624c941ddb30/contracts/AnchorVault.vy (the main vault contract)

The project task is creating a web interface with time-weighted average prices of the specified crypto tokens. Problem Sometimes operations with crypto tokens require time-weighted average price, or TWAP. These numbers usually aren't available off-the-shelf on open APIs, so the custom scripts & calculations are required. Another part of the problem is, the TWAP has to be available & sharable for cross-checks by many different parties. Proposed solution The proposed solution is the web service providing the TWAP data. The raw price data may be acquired on the open sources (coingecko.com API or any other exchange, for instance). The page displaying the data should be sharable by the link. The TWAP params are:

You may check out the video walkthrough here: https://www.youtube.com/watch?v=5YTJgudYHs8 Get the address of the Lido DAO Aragon Voting contract from page https://docs.lido.fi/deployed-contracts/ https://etherscan.io/address/0x2e59A20f205bB85a89C53f1936454680651E618e Get the vote id, either from Aragon UI or from Etherscan: