search

code-423n4 / 2023-04-eigenlayer-findings

1 stars 1 forks source link

freezeOperator will not be able to freeze an operator #441

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/core/Slasher.sol#L251-L252 https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/core/Slasher.sol#L121

Vulnerability details

Impact

freezeOperator will not be able to freeze an operator address in blockchain reorg situation

Proof of Concept

https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/core/Slasher.sol#L251-L252

canSlash function is relying on block.number as it should be lower than contractCanSlashOperatorUntilBlock. that will work fine until a reorg on Ethereum blockchain is done, in this case a sender caller might wait for few blocks till be able to freeze an operator address.

        if (block.number < _whitelistedContractDetails[toBeSlashed][slashingContract].contractCanSlashOperatorUntilBlock) {
            return true;

Untrusted or bad actor operator address might continue to proceed until the reorg is not effective anymore and that for sure will put a damage or negative impact on a user who needed to freeze that bad actor operator address.

Tools Used

Manual Review

Recommended Mitigation Steps

Assessed type

DoS

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as primary issue

c4-sponsor commented 1 year ago

Sidu28 marked the issue as sponsor disputed

Sidu28 commented 1 year ago

This issue appears to rely on censoring of the Ethereum blockchain for any kind of feasibility.

GalloDaSballo commented 1 year ago

With the information I have available:

I must dispute the finding

Feel free to follow up with me or the Sponsor if you can perform this on the live system

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof