c4-pre-sort
commented
11 months ago raymondfam marked the issue as insufficient quality report
Closed c4-submissions closed 11 months ago
c4-pre-sort
commented
11 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
11 months ago raymondfam marked the issue as duplicate of #43
c4-judge
commented
11 months ago fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L19
Vulnerability details
LRTDepositPool receives the funds deposited by users into the Kelp product. From here, the funds are transferred to NodeDelegators contracts that delegate them to the EigenLayer strategy. The funds are then used to provide liquidity on the EigenLayer protocol . Users are also minted a receipt token RSETH. But the problem is there is no a withdraw function to get funds back from EigenLayer and transfer them to users .
Impact
Users will lost all their deposited tokens
Tools Used
Manual Review
Recommended Mitigation Steps
Implement a withdraw function to users withdraw their funds if needed .
Assessed type
Other