code-423n4 2023-04-eigenlayer-findings issues

code-423n4 / 2023-04-eigenlayer-findings

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Depositors risk losing funds through StrategyManager.depositIntoStrategyWithSignature()

#410 code423n4 closed 1 year ago
6
verifyWithdrawalCredentialsAndBalance does not verify that oracleBlockNumber is the latest block number.

#409 code423n4 closed 1 year ago
6
A staker with verified over-commitment can potentially bypass slashing completely

#408 code423n4 opened 1 year ago
5
Gas Optimizations

#407 code423n4 closed 1 year ago
1
Vulnerability in Pause Function

#406 code423n4 closed 1 year ago
3
QA Report

#405 code423n4 closed 1 year ago
1
Queued withdrawals are not treated correctly when a slash occurs, leading to loss of user funds

#404 code423n4 opened 1 year ago
15
Gas Optimizations

#403 code423n4 closed 1 year ago
1
QA Report

#402 code423n4 closed 1 year ago
1
QA Report

#401 code423n4 closed 1 year ago
3
UNCLEARED DEBT COULD HAVE ETH NOT WITHDRAWABLE FROM EIGENPOD.SOL

#400 code423n4 closed 1 year ago
5
Zero address pauser assignment

#399 code423n4 closed 1 year ago
3
QA Report

#398 code423n4 opened 1 year ago
3
Zero address Pauser assignment

#397 code423n4 closed 1 year ago
3
QA Report

#396 code423n4 closed 1 year ago
1
Access Control Unauthorized access to restricted functions setWithdrawalDelayBlocks

#395 code423n4 closed 1 year ago
3
QA Report

#394 code423n4 opened 1 year ago
2
Overflow Excessive claims could overwhelm storage _userWithdrawals mapping

#393 code423n4 closed 1 year ago
3
Strategy owner can steal staker funds.

#392 code423n4 closed 1 year ago
6
QA Report

#391 code423n4 closed 1 year ago
1
Manipulation Compromised proposal processing claimDelayedWithdrawals

#390 code423n4 closed 1 year ago
3
Gas Optimizations

#389 code423n4 closed 1 year ago
2
Slot and block number proofs not required for verification of withdrawal (multiple withdrawals possible)

#388 code423n4 opened 1 year ago
6
A Malicious validator can frontrun 32ETH deposit

#387 code423n4 closed 1 year ago
6
QA Report

#386 code423n4 closed 1 year ago
1
Gas Optimizations

#385 code423n4 closed 1 year ago
1
withdrawal amount should be greater than the REQUIRED_BALANCE_GWEI

#384 code423n4 closed 1 year ago
6
Gas Optimizations

#383 code423n4 closed 1 year ago
2
QA Report

#382 code423n4 closed 1 year ago
3
Integer Overflow Large numbers of strategies/deposits could overflow arrays stakerStrategyList

#381 code423n4 closed 1 year ago
3
Gas Optimizations

#380 code423n4 opened 1 year ago
2
Context not implemented as per need of the code

#379 code423n4 closed 1 year ago
3
[M-1] Potential DoS attack due to unchecked array lengths in loop

#378 code423n4 closed 1 year ago
4
Users can queue a withdrawal and potentially withdraw completely if ```PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false```

#377 code423n4 closed 1 year ago
7
Medium Access Control Unauthorized access to restricted functions

#376 code423n4 closed 1 year ago
3
`indicesToSkip` array not implemented properly if array not entered in ascending order

#375 code423n4 closed 1 year ago
4
Attacker can operate as a staker/operator on eigenLayer without risking any funds

#374 code423n4 closed 1 year ago
19
High Reentrancy Withdrawals can be frontrun

#373 code423n4 closed 1 year ago
3
Gas Optimizations

#372 code423n4 closed 1 year ago
1
Use of block.timestamp

#371 code423n4 closed 1 year ago
3
Attacker can make his stake immune to `verifyOvercommittedStake`.

#370 code423n4 closed 1 year ago
6
QA Report

#369 code423n4 closed 1 year ago
1
Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation.

#368 code423n4 closed 1 year ago
3
Division before multiplication incurs unnecessary precision loss

#367 code423n4 closed 1 year ago
3
Depositor get's extra shares to keep

#366 code423n4 closed 1 year ago
3
Gas Optimizations

#365 code423n4 closed 1 year ago
1
Missing lower boundary check on queueWithdrawal() could disrupt/deny slashQueuedWithdrawal()

#364 code423n4 closed 1 year ago
5
Signature Replay possible in `depositIntoStrategyWithSignature` method

#363 code423n4 closed 1 year ago
5
QA Report

#362 code423n4 closed 1 year ago
1
Setting the `underlyingToken` to a token with low decimal precision and high value may lose too much value or reduce the willingness of users to participate, because the value of MIN_NONZERO_TOTAL_SHARES is fixed at 1e9

#361 code423n4 closed 1 year ago
8

Previous Next