Closed code423n4 closed 1 year ago
The check starts at https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/pods/EigenPod.sol#L354
Invalid assumption.
0xSorryNotSorry marked the issue as low quality report
GalloDaSballo marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/pods/EigenPod.sol#L346-L347
Vulnerability details
Impact
Logical and mathematical flaws might occur due to lack of the check.
Proof of Concept
As per comment in: https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/pods/EigenPod.sol#L346
//check if the withdrawal occured after mostRecentWithdrawalBlockNumber
but no check is involved in the code which would cause mathematical flaws in the upcoming calculations.
Tools Used
Manual Audit
Recommended Mitigation Steps
Add this check
require(slot>mostRecentWithdrawalBlockNumber,"withdrawal didn't occur after mostRecentWithdrawalBlockNumber");
at: https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/pods/EigenPod.sol#L348
Assessed type
Context