Closed howlbot-integration[bot] closed 4 months ago
CloudEllie marked the issue as duplicate of #571
alcueca marked the issue as not a duplicate
The withdrawBeforeRestaking
function was getting used in M1 version of EigenLayer to withdraw funds, which then got migrated to M2 when restaking got enabled and according to EigenLayer migration instructions PodOwner(OperatorDelegator contract in our case) has to call activateRestaking
only once to migrate from M1->M2.
After M2 upgrade withdrawals are verified by verifyAndProcessWithdrawals
.
The statement is correct that the functions will revert. But the functions were kept to provide seamless migration from M1 -> M2 upgrade for EigenLayer pods.
A bit of natspec would have helped, or the warden could have asked what was the purpose of the functions.
alcueca marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Delegation/OperatorDelegator.sol#L101-L103 https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Delegation/OperatorDelegator.sol#L459-L463
Vulnerability details
Impact
The
OperatorDelegator.activateRestaking()
andOperatorDelegator.startDelayedWithdrawUnstakedETH()
will always revert when called. This is due to a clause in theeigenPod
contract which enables restaking by default during initialization.The eigenpod manager initializes the pod, which inturn sets
eigenpod.hasRestaked
to true. Which is checked in botheigenPod.activateRestaking();
andeigenPod.withdrawBeforeRestaking();
. Therefore withdrawBeforeRestaking can't be used to sweep eth from the Pod contract.Proof of Concept
The eigenpod contract can be found in: https://github.com/Layr-Labs/eigenlayer-contracts?tab=readme-ov-file#eigenpods-1 The modifier below causes the restrictions
Tools Used
Manual Review, Josephdara
Recommended Mitigation Steps
Remove both functions from the contract completely as withdrawals cannot be made through them
Assessed type
Error