
Lido|Jul 21, 2025 16:10
[Security Disclosure] A griefing vulnerability was responsibly reported via Immunefi, affecting the RageQuit mechanism in Lido’s Dual Governance (DG) system.
The issue could have delayed ETH withdrawals during a RageQuit state, but no user funds were ever at risk.
Thanks to the “training wheels” phase of DG rollout and the readiness of the Emergency Committee to intervene if needed, Lido contributors are equipped to fully neutralize any potential abuse.
Next steps:
• Emergency Committee is on standby to intervene if needed
• A fix is being proposed, tested, and audited
• DG testnet bounty
• Onchain vote to ship fix
• Fix fully enacted
Lido contributors are grateful to the anonymous whitehat for the high-quality report and to Immunefi for supporting responsible disclosure.
Incident details and updates can be found on the forum: https://research.lido.fi/t/security-disclosure-dg-weakness-reported-through-immunefi-funds-not-at-risk/10393 (Lido)