search

code-423n4 / 2023-11-kelp-findings

13 stars 11 forks source link

`depositAssetIntoStrategy` should check `eigenlayer` strategy pause or not . #560

Closed c4-submissions closed 10 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/ee1154fcb6f6619cdc9aeda27503d9a2cbf6d8eb/src/NodeDelegator.sol#L67

Vulnerability details

Impact

depositAssetIntoStrategy should check eigenlayer strategy pause or not.It will revert if eigenlayer strategy is paused.

Proof of Concept

According to the eigenlayer deposit ,it's possible that the eigenlayer strategy state is paused. If the lrtManager deposit when the strategy is paused, the deposit logic will revert().

Tools Used

manual

Recommended Mitigation Steps

check eigenlayer pause or not before deposit

Assessed type

Context

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

raymondfam commented 11 months ago

Readme: We are aware that EigenLayer has an mechanism to pause deposits in its protocol. Hence we created a layer called NodeDelegator which holds assets and deposits them into EigenLayer asset strategy. The intention is for these NodeDelegator contracts to deposit into Eigenlayer once deposit is available.

c4-pre-sort commented 11 months ago

raymondfam marked the issue as primary issue

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid