Closed code423n4 closed 1 year ago
The submission does not provide a good demonstration of the issue and reasoning, especially on the "how operators can manipulate the expiry of signatures and deposit on behalf of stakers regardless of whether the signature has expired or not" part.
In addition, removing the expiry >= block.timestamp requirement creates an open check to the operator.
0xSorryNotSorry marked the issue as low quality report
The operator could not broadcast the message, but the same logic (irrational) could be applied to the user. User self-denying the functionality cannot be considered a valid finding (above QA).
For this reason I am closing as overly inflated.
GalloDaSballo marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/core/StrategyManager.sol#L253
Vulnerability details
Impact
The StrategyManager.depositIntoStrategyWithSignature() function unfairly provides malicious operators the ability to delay undelegation against stakers.
Proof of Concept
StrategyManager.sol#L253
Stakers can delegate to operators to deposit ERC20 tokens (currently only LST) on their behalf by providing operators with the required signatures. Although stakers are expected to do due diligence before delegating operations to operators, the current implementation of StrategyManager.depositIntoStrategyWithSignature allows operators to manipulate the expiry of signatures and deposit on behalf of stakers regardless of whether the signature has expired or not. Stakers will have to call queueWithdrawal before undelegation, which can be troublesome since the protocol enforces a delay on withdrawals. Since there is no delay on deposits, this gives malicious operators the ability to delay undelegation, say in the event of them not fulfilling their obligations in the services they participate in, potentially even causing stakers' assets to be unnecessarily slashed.
Tools Used
Manual Analysis
Recommendation
Remove expiry input data and checks
Assessed type
Invalid Validation
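How the expiry input relates to the signed deposit permit, as an added example that is not code from this issue or from EigenLayer: a permit signed by the staker, a verifier that applies the expiry >= block.timestamp check, and the same verifier with that check removed. It uses HMAC as a constructed stand-in for the contract's EIP-712/ECDSA signature and assumes, as in that scheme, that expiry is one of the signed fields; all names and values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DepositPermit:
    """Constructed stand-in for the fields a staker signs for a delegated deposit."""
    strategy: str
    token: str
    amount: int
    nonce: int
    expiry: int  # unix timestamp; valid only while expiry >= block.timestamp


def encode(p: DepositPermit) -> bytes:
    # Expiry is part of the signed payload, so any change to it invalidates the signature.
    return f"{p.strategy}|{p.token}|{p.amount}|{p.nonce}|{p.expiry}".encode()


def sign(staker_key: bytes, p: DepositPermit) -> bytes:
    # HMAC used as a stand-in for the staker's ECDSA signature (constructed, not the contract's scheme).
    return hmac.new(staker_key, encode(p), hashlib.sha256).digest()


def deposit_with_signature(staker_key: bytes, p: DepositPermit, sig: bytes,
                           block_timestamp: int, used_nonces: set, enforce_expiry: bool = True) -> str:
    """Verifier logic mirroring the contract-side checks; returns the outcome as a string."""
    if enforce_expiry and p.expiry < block_timestamp:
        return "revert: signature expired"
    if p.nonce in used_nonces:
        return "revert: nonce already used"
    if not hmac.compare_digest(sign(staker_key, p), sig):
        return "revert: bad signature"
    used_nonces.add(p.nonce)
    return "ok"


def run_scenarios() -> dict:
    key = b"constructed-staker-key"
    permit = DepositPermit("strategy-A", "LST", 100, nonce=1, expiry=1000)
    sig = sign(key, permit)
    # Operator cannot alter expiry after signing: the signature no longer matches.
    extended = DepositPermit("strategy-A", "LST", 100, nonce=1, expiry=2000)
    return {
        "before_expiry": deposit_with_signature(key, permit, sig, 900, set()),
        "after_expiry": deposit_with_signature(key, permit, sig, 1100, set()),
        "operator_extends_expiry": deposit_with_signature(key, extended, sig, 1100, set()),
        # With the check removed, only the nonce bounds a signed permit's lifetime.
        "check_removed": deposit_with_signature(key, permit, sig, 1100, set(), enforce_expiry=False),
    }
```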