code-423n4 / 2023-04-eigenlayer-findings


MAX_WITHDRAWAL_DELAY_BLOCKS assumes that block time is always 12 seconds #416

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-eigenlayer/blob/5e4872358cd2bda1936c29f460ece2308af4def6/src/contracts/core/StrategyManagerStorage.sol#L45-L46

Vulnerability details

Impact

Block time may change in the future, which may affect the protocol's withdrawal functionality.

Proof of Concept

StrategyManagerStorage.sol assumes a 12-second block time. If the block time changes in the future, the MAX_WITHDRAWAL_DELAY_BLOCKS of one week would change.

    // the number of 12-second blocks in one week (60 * 60 * 24 * 7 / 12 = 50,400)
    uint256 public constant MAX_WITHDRAWAL_DELAY_BLOCKS = 50400;

This variable is used in StrategyManager.sol to ensure that sufficient time has passed between queuedWithdraw and completeQueuedWithdrawal. The owner can set the max delay time up to a week in the current scenario. If the block timing changes to an arbitrarily low timing, then the max delay time will be affected greatly, which may put pressure on the protocol to check all queued withdrawals in a small time frame.

Tools Used

VSCode

Recommended Mitigation Steps

Rather than declaring MAX_WITHDRAWAL_DELAY_BLOCKS as a constant, it is better to configure MAX_WITHDRAWAL_DELAY_BLOCKS as an updatable value so it can be updated accordingly when the block time changes in the future.

Assessed type

Timing

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as duplicate of #434

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Out of scope