A team member for Lido has accused competitor Rocket Pool of being too centralized in a July 4 social media post. Both Lido and Rocket Pool are liquid staking protocols that allow users to delegate their cryptocurrency to validators and receive derivative tokens in exchange.
According to the post from Lido’s community staking lead Dmitry Gusakov, the Rocket Pool contracts are controlled by the Rocket Pool team, allowing the team to change any parameters and call any method. This means that Rocket Pool developers can increase the inflation rate to an arbitrarily large percentage or increase fees to up to 100%.
Gusakov claimed this vulnerability does not exist in Lido’s contracts, as in Lido, these actions are “fully controlled by [decentralized autonomous organization] LidoDAO.”
Rocket Pool Grants Management Committee member Waq responded to the accusation, stating that the vulnerability was already known to the team and will be fixed in the future. Waq accused the Lido team of trying to take credit for discovering an issue that was already known.
Here we go again with the “brand new” discoveries of @Rocket_Pool being super malicious again Not a single word of how the community has been working for over a year on fixing this and the progress we’re making. Once we fix this, they’ll rush to take the credit like always.
— Waq | Rocket Fuel (@waqwaqattack) July 4, 2023
According to Gusakov’s post, the RocketStorage contract at Ethereum address 0x1d8f8f00cfa6758d7bE78336684788Fb0ee0Fa46 contains a parameter called “guardian.” Many functions in Rocket Pool contracts are also labeled as “onlyGuardian,” meaning they can only be called by the account listed in this parameter, which is currently set to the RocketPool deployer account at 0x0cCF14983364A7735d369879603930Afe10df21e.
Actions that can be performed by the “guardian” include changing the “RPL InflationIntervalRate” and the “ETH DepositFee,” implying that the team can increase the inflation rate of the Rocket Pool governance token (RPL) or remove users’ deposits by setting the fee to 100%, Gusakov stated.
Content creator Chris Blec shared the post, claiming that it proves “‘pDAO is not a DAO” or that RPL token-holders are not actually in control of Rocket Pool’s governance.
In response, RocketPool community advocate Jasper.lens stated that the community is already aware of this centralization issue, which will be patched in the upcoming Saturn upgrade. According to Jasper, the centralization occurred during a period when voting systems for Rocket Pool’s DAO were still being designed and tested. The team decided to not allow the DAO to practice on-chain voting in the initial testing phase. However, testing has now been completed, and the upcoming Saturn upgrade “is all about patching the decentralization holes.”
In a comment agreeing with Jasper.lens’ post, Waq claimed that the Rocket Pool community “has been working for over a year on fixing this” and predicted the Lido team would “rush to take the credit like always” once the problem is fixed.
Liquid staking protocols have been growing in popularity over the past few months. On May 1, blockchain analytics platform DefiLlama stated that these protocols have surpassed decentralized exchanges as the top DeFi category in terms of total value locked. On May 30, Tenet partnered with LayerZero to implement liquid staking on more blockchains in the future.