The receive function in NodeELRewardVault expects deposits from node rewards to emit the ETHReceived function. However, a block reward doesn't trigger any EVM code on the address.
Impact
Any indexing system depending on this event will fail to correctly account for the Ether received in proxies with implementation of NodeELRewardVault
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/9f1fc1217510b4f78e59c0fe854a3c2b64db963a/contracts/NodeELRewardVault.sol#L20
Vulnerability details
The
receive
function inNodeELRewardVault
expects deposits from node rewards to emit theETHReceived
function. However, a block reward doesn't trigger any EVM code on the address.Impact
Any indexing system depending on this event will fail to correctly account for the Ether received in proxies with implementation of
NodeELRewardVault
Proof of Concept
Recommended Mitigation Steps
Stop relying on
ETHReceived
for indexing rewards.Assessed type
ETH-Transfer