Security Audit Report for StakeTogether st-v1-contracts


StakeTogether is an Ethereum staking protocol designed especially for communities. It allows users to deposit ETH into staking pools and receive stpETH tokens as collateral. The purpose of StakeTogether is to facilitate the creation of validators on the Ethereum 2.0 beacon chain, supporting the security and operation of the Ethereum network as a whole.

The core contracts covered in this audit are the StakeTogether st-v1 contracts in the code repository. The audit was iterative: it covers the code in the initial version as well as the subsequent versions that fix the discovered issues, as detailed in our audit report. Please note that external dependencies are assumed to be reliable and are therefore excluded from the audit scope. Our audit methodology combines automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues, coupled with gas and code quality optimization recommendations.

In summary, we did not find any critical issues within the audited codebase. However, we identified six non-critical issues that should be addressed. Additionally, we have made two recommendations to further strengthen the code logic, along with four notes that should be taken into consideration. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made after our review would require a re-evaluation.


In total, we found 6 potential issues in the smart contracts. We also have 2 recommendations and 4 notes, as follows:

High Risk: 0
Medium Risk: 1
Low Risk: 5
Recommendation: 2
Note: 4
ID | Severity | Description | Category | Status
1 | Low | Deposit revert for the first depositor | Software Security | Fixed
2 | Medium | Potential DoS attack when executing the report | DeFi Security | Fixed
3 | Low | Lack of existence check when adding validators | DeFi Security | Fixed
4 | Low | Ineffective check due to incorrect initialization | DeFi Security | Fixed
5 | Low | Lack of existence check when blacklisting the reportOracles | DeFi Security | Fixed
6 | Low | Potential DoS attack in the consensus process | DeFi Security | Fixed
7 | - | Add sanity checks for function parameters | Recommendation | Fixed
8 | - | Remove duplicate checks | Recommendation | Fixed
9 | - | Centralization risk | Note | -
10 | - | Ensure the correctness of the configuration | Note | -
11 | - | Risk of insufficient report oracles | Note | -
12 | - | Potential off-chain risks | Note | -

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services and elevate the security of your protocol before it goes live!