Lido
Lido|Aug 01, 2025 10:39
[Security Disclosure] A vulnerability was reported and mitigated related to the Lido CSM and the permissionless verifier contract used to verify validator withdrawals. The vulnerability was not exploited, and no CSM Node Operators were affected. stETH holders were not affected in any way. As part of the remediation, a fix was implemented via Oracle mitigation (disabling bond burn) and DAO vote 190. A bug bounty was paid to a whitehat who responsibly disclosed the issue via the Lido × Immunefi program. Full details can be found on the Lido research forum: https://research.lido.fi/t/post-mortem-csverifier-weak-validation-of-the-historical-block-gindex-user-funds-remain-safe/10466 (Lido)