Liquid Collective engaged independent security firms Halborn and Spearbit to perform security audits of the protocol. Every protocol feature deployed to mainnet has previously been reviewed by at least one of those teams.
Alluvial engaged Spearbit, a decentralized network of expert security engineers, to conduct a security audit on Liquid Collective's protocol including the new smart contract for the TLC token, and protocol metadata and slashing coverage features.
View the results of the Spearbit audit.
View the results of the Spearbit audit.
Users that put their ETH into LsETH want to know that the underlying smart contract is secure so they will be able to withdraw their ETH if they so choose [after withdrawals are enabled on Ethereum]. There are numerous risks associated with any liquid staking protocol, one being the validator nodes are compromised resulting in a slashing event; not many people in the world know how to run validators at scale. The Liquid Collective validators are experienced node operators that implement standard security best practices for cloud infrastructure and key management. There's also the possibility that private keys could be compromised, which we have seen as a common attack vector in recent hacks, so the Spearbit team reiterated this focus by bringing in a key management consultant to the audit.
— Spencer Macdonald, Co-Founder of Spearbit
Read more of Alluvial's interview with Spearbit's Spencer Macdonald on Spearbit's decentralized community model, the audit process, and why collaborating with independent security experts matters.
Alluvial engaged Halborn, a leading blockchain security firm, to conduct a security audit on Liquid Collective's Ethereum liquid staking smart contracts to ensure that the smart contracts operate as intended and to identify potential security issues. The Alluvial, Kiln, and Figment teams remediated the issues identified during the audit process and received final validation from Halborn.
View the results of the Halborn audit.
We welcome the community to review our code and report any bug or security vulnerability discovered. View more details.