code-423n4 / 2023-11-kelp-findings

Yield generated by user is not taken into account #320

Open c4-submissions opened 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/RSETH.sol#L47

https://github.com/code-423n4/2023-11-kelp/blob/main/src/NodeDelegator.sol#L51

Vulnerability details

Funds received from users' deposits in LRTDepositPool are then transferred to NodeDelegator to delegate them to EigenLayer in order to generate yield. The problem here is that there is no way to increase users' RSETH balance or mint new tokens to users when new yield is generated.

Impact

Users will not get the yield generated by their funds in EigenLayer.

Proof of Concept

LRTDepositPool is the only one to have MINTER_ROLE to mint new RSETH, but it doesn't have a function to mint to users when they generate yield; it only mints when they deposit. Also, the RSETH balanceOf() function can't be manipulated to increase the users' balance when they generate yield.

Tools Used

Manual Review

Recommended Mitigation Steps

Increase users' RSETH balance when their deposits generate yield from EigenLayer.

Assessed type

Other

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #43

c4-pre-sort commented 11 months ago

raymondfam marked the issue as not a duplicate

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #709

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #294

c4-pre-sort commented 11 months ago

raymondfam marked the issue as sufficient quality report

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid

c4-judge commented 10 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

fatherGoose1 marked the issue as grade-b