The Challenge: Verifying Lido State Transitions with ZK

‍

Lido, the leading liquid staking protocol on Ethereum, introduced a new accounting oracle for proving validator balance changes using zero-knowledge proofs, built on the SP1 zkVM (a zero-knowledge virtual machine that generates cryptographic proofs). This update, outlined in LIP 23, leveraged zk oracles to validate negative rebases, ensuring that validator balance changes could be cryptographically verified on-chain.

‍

This update presented several technical challenges:

‍
‍

• ZK Circuit Complexity: The audit included both the zkVM circuit and the on-chain proof submitter, requiring deep understanding of how Lido validator balances are tracked and updated on chain.
• State Transition Validation: The goal was to confirm that the transition between two Lido states, especially changes to validator balances, was correctly captured.
• Cross-Domain Expertise: Auditing this system required coordination across ZK, Solidity, Ethereum consensus (Beacon State), and Lido-specific operations.
  ‍

The integrity of this logic was essential not only for correctness but for maintaining user trust and protocol-level accuracy.

‍

‍

‍

Our Process: Auditing Lido’s ZK Oracle for Secure State Verification

‍

Nethermind Security audited the Lido accounting zk-Oracle, which included both the off-chain circuit and on-chain verifier components. Our approach combined protocol-level understanding with cross-domain technical depth.
‍

Throughout the audit, we maintained close communication with the Lido team and supported the process with thorough documentation to ensure all assumptions and implementation details were clearly aligned.

‍

‍

‍

‍

Findings That Mattered

‍

Our audit uncovered two critical areas for improvement:

‍

• Validator Index Manipulation: We identified that that consensus-layer balance values could be manipulated through invalid validator indices, compromising the integrity of the zk proof.
• Inconsistent State Checks: There were missing validation checks on the new state and redundant checks on the old state, creating potential vulnerabilities in the transition verification process.
  ‍

These issues were addressed by the Lido team following our recommendations.

‍

‍

‍

The Outcome: Strengthening Lido’s ZK-Based Validation

‍

All identified issues were remediated successfully. This Lido update, tied to LIP 23, is now planned for mainnet deployment.

‍

• Validation logic now robustly enforces correct state transitions
• Key vulnerabilities in the zk proof handling were closed
• Coordination between teams ensured a fast and effective audit cycle

‍

‍

‍

Why This Work Matters

‍

This engagement demonstrates the importance of precision when introducing zero-knowledge proofs into existing DeFi protocols. Our audit supported Lido in extending its architecture with verifiable state transitions without compromising on security.

‍

By aligning ZK logic with Ethereum consensus and Lido operations, we helped ensure this critical infrastructure update is ready for mainnet deployment.

‍

‍

‍

Nethermind Security

‍

Trusted by leading protocols to audit complex systems across staking, DeFi, and ZK. Get in touch to assess and strengthen your project’s security posture.

‍

Audit Team Bios

This engagement was led by Nethermind Security researchers with deep expertise in cryptography, zero-knowledge systems, and Ethereum consensus. Below are the contributors to the Lido zk-Oracle audit.

‍

Nick Dimitriou - MSc in Information Security at UCL with a Cryptography and Blockchain technology direction. Nick has worked on various engineering problems, from mobile application development to blockchain applications using zk DSLs and zk VMs (Mina,  Noir, Circom, Risc-0, etc.). Currently working as a Cryptography Engineer at Nethermind, where he focuses on engineering zk solutions, contributing to the implementation of state-of-the-art research papers, and participating in zk-audits.

‍

Michael Belegris - MSc in Information Security with a focus in cryptography and blockchain applications. Michael has worked on engineering research by implementing newly published zk-friendly hash functions for use on-chain, off-chain and in circuits as well as implementing attacks on mix-networks proving their insecurity. Additionally, Michael has helped in the teaching of block ciphers by building a learning tool for the AES and DES ciphers.

‍

Isaac Villalobos Gutiérrez - BSc in Physics and developer experienced in C++ and Rust. Contributed to the development of Vampire zkSNARK, Latticefold post-quantum folding scheme, Starkpack implementation over Risc0 zkVM. Additionally, a consultant for technical due diligence requests for Ethereum ecosystem projects at Nethermind, delivering these services to external clients of the company.

‍

Krzysztof Szubiczuk - Security researcher at Nethermind for three years, focusing on Ethereum and Starknet platforms. Has secured numerous protocols including DEXs, overcollateralized lending protocols, cross-chain bridges, staking solutions, wallets, and zero-knowledge applications. Member of the OpenAI Red Teaming Network and contributed to the "OpenAI o1 System Card." Has over 3 years of experience in Smart Contract auditing across various types of protocols.

‍

Luciana Silva - Ph.D. in Computer Science with over 10 years in applied AI research. Published 29 papers in top IEEE, ACM, and Elsevier journals. Has been working in Smart Contracts Security for three years across various ecosystems with expertise in Solidity, Cairo, Rust, and zkDSLs (Noir and Circom). Works on AMMs, order books, lending protocols, cross-chain bridges, staking, and Zero Knowledge applications. Has presented talks on Smart Contract security at Aleph Crecimiento 2024, AI Agents Day during ETH Denver 2025, and Google Web3: Zero Knowledge (ZK) and AI Summit 2025

‍

‍