Lido Warns: Potential Security Risk Identified in ZKsync wstETH Bridge Contract

Event Background

Recently, the Lido team identified a potential security risk in the ZKsync wstETH bridge endpoint contract during a routine audit. Although no exploitation has been detected and wstETH holders on zkSync remain unaffected, precautionary actions have been taken to ensure safety.

Current Mitigation Steps

• New deposits to the ZKsync bridge have been paused
• Withdrawals and token transfers on zkSync remain fully operational
• All other bridge contracts are unaffected and functioning normally

Planned Fix and Next Steps

The technical team has completed a fix and plans to submit the updated contract for audit and deployment during the upcoming on-chain Lido governance vote, scheduled for late March to early April. Once successfully deployed, deposit functionality will be restored.

Lido has committed to providing further updates as the audit and governance process progresses.