The Kelp DAO protocol does not implement a function/feature for redeeming rsETH tokens for the underlying LST assets. As a result, users can stake their LST assets to the protocol but cannot retrieve them.
Proof of Concept
Users can stake LST assets (i.e., stETH, cbETH, and rETH tokens) to the Kelp DAO protocol via LRTDepositPool::depositAsset() and receive minted rsETH tokens in exchange. The LRT Manager will then deposit the LST assets into EigenLayer's Strategy contracts through NodeDelegator::depositAssetIntoStrategy().
The RSETH contract provides a burnFrom() function callable by the protocol's authorized burner. However, the protocol does not implement a function/feature that lets users redeem rsETH tokens for the underlying LST assets.
Impact
Users cannot retrieve the underlying LST assets. Moreover, the minted rsETH tokens may not be accepted by the DeFi community because they cannot be redeemed for the LST assets backing them.
These harmful consequences can impact both the Kelp DAO protocol and its users.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement a function/feature for redeeming the rsETH tokens for underlying LST assets.
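A minimal sketch of the recommended redemption path, added here as an illustration and not taken from the Kelp DAO code base. The contract name, the price interface, the burnFrom(address,uint256) signature, and the premise that this pool holds the burner role and an idle LST balance are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Assumed shape of the burner-only function the finding mentions.
interface IBurnableRsETH {
    function burnFrom(address account, uint256 amount) external;
}

// Hypothetical price source: both values use the same unit and scaling.
interface IPriceSource {
    function assetPrice(address asset) external view returns (uint256);
    function rsETHPrice() external view returns (uint256);
}

// Hypothetical redemption pool; it must hold the burner role on rsETH.
contract RedemptionPoolSketch {
    using SafeERC20 for IERC20;

    IBurnableRsETH public immutable rsETH;
    IPriceSource public immutable prices;

    error ZeroAmount();
    error BelowMinimumOut(uint256 assetOut, uint256 minAssetOut);
    error InsufficientLiquidity(uint256 available, uint256 required);
    event Redeemed(address indexed user, address indexed asset, uint256 rsETHBurned, uint256 assetOut);

    constructor(IBurnableRsETH rsETH_, IPriceSource prices_) {
        rsETH = rsETH_;
        prices = prices_;
    }

    function redeem(address asset, uint256 rsETHAmount, uint256 minAssetOut) external returns (uint256 assetOut) {
        if (rsETHAmount == 0) revert ZeroAmount();
        // Value of the burned rsETH in units of the requested LST.
        // A zero asset price (unsupported asset) reverts on the division.
        assetOut = (rsETHAmount * prices.rsETHPrice()) / prices.assetPrice(asset);
        if (assetOut == 0 || assetOut < minAssetOut) revert BelowMinimumOut(assetOut, minAssetOut);
        // LSTs already moved into EigenLayer strategies are not held here.
        uint256 available = IERC20(asset).balanceOf(address(this));
        if (available < assetOut) revert InsufficientLiquidity(available, assetOut);
        // Burn before transferring out (checks-effects-interactions).
        rsETH.burnFrom(msg.sender, rsETHAmount);
        IERC20(asset).safeTransfer(msg.sender, assetOut);
        emit Redeemed(msg.sender, asset, rsETHAmount, assetOut);
    }
}
```

Because deposited LSTs are forwarded to EigenLayer strategies, a production design would also need a way to pull liquidity back from those strategies; the sketch only reverts when its idle balance is too small.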
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/RSETH.sol#L54
Assessed type
Other