code-423n4 / 2023-04-eigenlayer-findings


`deposit` will cause errors if totalShares is 1e9-1 or less #448

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/Layr-Labs/eigenlayer-contracts/blob/dbeb85bcd0476e06b8feebf07e33f8a53d54c029/src/contracts/strategies/StrategyBase.sol#L86

Vulnerability details

Impact

user funds will be stuck

Proof of Concept

User will not be able to withdraw for tokens that are less than 1e9-1 like USDT

This is a warning in the code

```
 * WARNING: In order to mitigate against inflation/donation attacks in the context of ERC_4626, this contract requires the
 *          minimum amount of shares be either 0 or 1e9. A consequence of this is that in the worst case a user will not
 *          be able to withdraw for 1e9-1 or less shares.
```

But there isn't any kind of checking in the code or something like that, so the user funds will be stuck forever. It is better to change the code to accommodate this or the user funds will be stuck forever

Tools Used

manual review

Recommended Mitigation Steps

Change the code

Assessed type

Invalid Validation

0xSorryNotSorry commented 1 year ago

The deposit() function has the requirement to mint the shares at least as MIN_NONZERO_TOTAL_SHARES amount which is 1e9. The submission does not provide a proper demonstration, code blocks and a valid reasoning. Labeling as LQ.
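The minimum-shares rule discussed in this thread, as an added example that is not part of the original issue and not the project's code: a simplified Python model of a share ledger that enforces "total shares is 0 or at least 1e9". The class and helper names, the 1:1 first-deposit rate, the proportional rate afterwards, and applying the same check on withdrawal are assumptions made for illustration; only the constant's name and value come from the thread.

```python
MIN_NONZERO_TOTAL_SHARES = 10**9  # name and value as quoted in the thread


class Revert(Exception):
    """Stands in for a failed Solidity require()."""


class StrategyModel:
    """Hypothetical share ledger; exchange-rate logic is assumed, not copied."""

    def __init__(self):
        self.total_shares = 0
        self.balance = 0   # underlying tokens held by the model
        self.shares = {}   # shares per depositor

    def _check_total(self, updated):
        # Invariant from the WARNING comment: total shares is 0 or >= 1e9.
        if updated != 0 and updated < MIN_NONZERO_TOTAL_SHARES:
            raise Revert("total shares would be nonzero but below minimum")

    def deposit(self, user, amount):
        if self.total_shares == 0 or self.balance == 0:
            new_shares = amount  # assumed 1:1 rate for the first deposit
        else:
            new_shares = amount * self.total_shares // self.balance
        if new_shares == 0:
            raise Revert("zero shares")
        self._check_total(self.total_shares + new_shares)  # check before any state change
        self.total_shares += new_shares
        self.balance += amount
        self.shares[user] = self.shares.get(user, 0) + new_shares
        return new_shares

    def withdraw(self, user, amount_shares):
        if amount_shares > self.shares.get(user, 0):
            raise Revert("insufficient shares")
        self._check_total(self.total_shares - amount_shares)  # remainder must be 0 or >= 1e9
        amount = amount_shares * self.balance // self.total_shares
        self.total_shares -= amount_shares
        self.balance -= amount
        self.shares[user] -= amount_shares
        return amount


def reverts(fn, *args):
    """Return True if the call fails the way a require() would."""
    try:
        fn(*args)
    except Revert:
        return True
    return False
```

In this model a first deposit below 1e9 is rejected before any state changes, and a withdrawal is rejected only when it would leave a nonzero remainder below 1e9, so the order in which holders exit matters.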

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

Low quality, closing