The Oracle is the operational backbone of the Lido protocol on Ethereum. It acts as the bridge between the Ethereum consensus layer, execution layer, and the Lido smart contracts, ensuring accurate state reporting, reward distribution, and protocol safety mechanisms. The Oracle operates through a committee-based consensus mechanism where multiple oracle nodes must agree on protocol state before updates are committed to the blockchain.

The primary goal of this security audit is to comprehensively assess the security posture of the Lido oracle system, with particular emphasis on the stVaults feature and its associated vault management operations. The audit aims to identify potential vulnerabilities, attack vectors, and security weaknesses that could compromise the integrity, availability, and financial security of the stVaults ecosystem.

During the manual audit, the Certora team reported 16 findings including 2 of high severity and 2 of medium severity, all of which were fixed by the Lido team.