code-423n4 / 2023-11-kelp-findings


Locked funds due to missing withdraw function #358

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/NodeDelegator.sol#L51-L68

Vulnerability details

Impact

The LRTManager is allowed to deposit the entire balance of a nodeDelegator into eigenlayer via the depositIntoStrategy.

A key function is missing from the NodeDelegator contract that should allow for withdrawing funds from eigen. Currently, if the nodeDelegator calls depositAssetIntoStrategy, the funds sent are essentially lost with no way of recovering them.

Proof of Concept

https://github.com/code-423n4/2023-11-kelp/blob/main/src/NodeDelegator.sol#L51-L68

    function depositAssetIntoStrategy(address asset)
        external
        override
        whenNotPaused
        nonReentrant
        onlySupportedAsset(asset)
        onlyLRTManager
    {
        address strategy = lrtConfig.assetStrategy(asset);
        IERC20 token = IERC20(asset);
        address eigenlayerStrategyManagerAddress = lrtConfig.getContract(LRTConstants.EIGEN_STRATEGY_MANAGER);

        uint256 balance = token.balanceOf(address(this));

        emit AssetDepositIntoStrategy(asset, strategy, balance);

        IEigenStrategyManager(eigenlayerStrategyManagerAddress).depositIntoStrategy(IStrategy(strategy), token, balance);
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a function that can withdraw the deposited funds and rewards from eigen.

Assessed type

Other
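A triage check for the pattern this report describes, as an added example that is not part of the original submission or the Kelp code base: a heuristic Python scan that lists deposit-style external calls in a contract when no withdraw-style call exists anywhere in it. The sample source is constructed from the function quoted above, and the verb prefix lists and the `assetBalance` function are assumptions.

```python
import re

# Constructed sample: a trimmed contract modelled on the function quoted in the report.
SAMPLE_SOURCE = """
contract NodeDelegator {
    function depositAssetIntoStrategy(address asset) external onlyLRTManager {
        uint256 balance = token.balanceOf(address(this));
        IEigenStrategyManager(mgr).depositIntoStrategy(IStrategy(strategy), token, balance);
    }
    function assetBalance(address asset) external view returns (uint256) {
        return IStrategy(strategy).userUnderlyingView(address(this));
    }
}
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(")
CALL_RE = re.compile(r"\.\s*(\w+)\s*\(")  # member calls such as x.foo(
# Assumed naming conventions for value leaving / returning to the contract.
OUT_VERBS = ("deposit", "stake", "lock")
IN_VERBS = ("withdraw", "unstake", "redeem", "unlock", "claim")

def function_bodies(source):
    """Yield (name, body) per function via brace matching (ignores comments/strings)."""
    for m in FUNC_RE.finditer(source):
        start = source.find("{", m.end())
        semi = source.find(";", m.end())
        if start == -1 or (semi != -1 and semi < start):
            continue  # declaration without a body (interface or abstract)
        depth, i = 0, start
        while i < len(source):
            if source[i] == "{":
                depth += 1
            elif source[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        yield m.group(1), source[start:i + 1]

def one_way_flows(source):
    """Return [(function, external_call)] for outbound calls if no inbound call exists."""
    out_calls, has_return_path = [], False
    for fn, body in function_bodies(source):
        for call in CALL_RE.findall(body):
            lowered = call.lower()
            if lowered.startswith(IN_VERBS):
                has_return_path = True
            elif lowered.startswith(OUT_VERBS):
                out_calls.append((fn, call))
    return [] if has_return_path else out_calls
```

A hit only says the scanned source has no exit call of its own; whether funds can be recovered another way (an upgrade, a separate contract) still needs manual review.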

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #43

c4-judge commented 11 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid