code-423n4 / 2023-04-eigenlayer-findings


The value of `MAX_WITHDRAWAL_DELAY_BLOCKS` is constant which shouldn't be #431

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/Layr-Labs/eigenlayer-contracts/blob/dbeb85bcd0476e06b8feebf07e33f8a53d54c029/src/contracts/core/StrategyManagerStorage.sol#L46

Vulnerability details

Impact

The value of MAX_WITHDRAWAL_DELAY_BLOCKS is constant, which it shouldn't be. It is stated that at the moment MAX_WITHDRAWAL_DELAY_BLOCKS is 50400 and it is adjustable, but it isn't in this case, as it is constant and once deployed it can't be changed.

Proof of Concept

It is stated that MAX_WITHDRAWAL_DELAY_BLOCKS could change over time, but according to the code that isn't possible, as the constant keyword is used and once deployed it cannot be changed.

Tools Used

Manual review

Recommended Mitigation Steps

Don't make it constant, remove the constant word

Assessed type

Timing

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as primary issue

c4-sponsor commented 1 year ago

Sidu28 marked the issue as sponsor disputed

Sidu28 commented 1 year ago

withdrawalDelayBlocks is adjustable. MAX_WITHDRAWAL_DELAY_BLOCKS is a non-adjustable constant. I'm confused where "It is stated that at the moment MAX_WITHDRAWAL_DELAY_BLOCKS is 50400 and it is adjustable"

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

MAX_WITHDRAWAL_DELAY_BLOCKS is the cap; withdrawalDelayBlocks can be changed

Finding is invalid
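
The distinction the sponsor and judge draw, an adjustable `withdrawalDelayBlocks` bounded by a non-adjustable `MAX_WITHDRAWAL_DELAY_BLOCKS`, is sketched below as an added example; it is not EigenLayer's code and is not part of any comment above. The contract name, the `owner` access control, the event, the custom errors and `withdrawableAtBlock` are assumptions made for illustration, and 50400 is the value quoted in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

// Added illustration of a capped, adjustable delay; not EigenLayer's StrategyManager.
contract CappedWithdrawalDelay {
    // Compile-time constant: inlined into the bytecode and stored in no slot,
    // so no privileged call can raise the cap after deployment.
    uint256 public constant MAX_WITHDRAWAL_DELAY_BLOCKS = 50400; // value quoted in the report

    // The adjustable parameter. Every write goes through the cap check below.
    uint256 public withdrawalDelayBlocks;

    address public immutable owner; // hypothetical access control

    event WithdrawalDelayBlocksSet(uint256 previousValue, uint256 newValue);

    error NotOwner();
    error DelayExceedsCap(uint256 requested, uint256 cap);

    constructor(uint256 initialDelayBlocks) {
        owner = msg.sender;
        _setWithdrawalDelayBlocks(initialDelayBlocks);
    }

    function setWithdrawalDelayBlocks(uint256 newDelayBlocks) external {
        if (msg.sender != owner) revert NotOwner();
        _setWithdrawalDelayBlocks(newDelayBlocks);
    }

    // Single write path: the owner can tune the delay but never past the cap,
    // which bounds how long a withdrawal can be held even if the owner key is misused.
    function _setWithdrawalDelayBlocks(uint256 newDelayBlocks) internal {
        if (newDelayBlocks > MAX_WITHDRAWAL_DELAY_BLOCKS) {
            revert DelayExceedsCap(newDelayBlocks, MAX_WITHDRAWAL_DELAY_BLOCKS);
        }
        emit WithdrawalDelayBlocksSet(withdrawalDelayBlocks, newDelayBlocks);
        withdrawalDelayBlocks = newDelayBlocks;
    }

    // Hypothetical helper: earliest block at which a withdrawal queued at
    // `queuedAtBlock` could be completed under the current delay.
    function withdrawableAtBlock(uint256 queuedAtBlock) external view returns (uint256) {
        return queuedAtBlock + withdrawalDelayBlocks;
    }
}
```

If the cap were a storage variable with its own setter, the bound on the delay would be only as strong as the key that controls that setter.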