c4-judge
commented
2 months ago alcueca marked the issue as not a duplicate
Open howlbot-integration[bot] opened 2 months ago
c4-judge
commented
2 months ago alcueca marked the issue as not a duplicate
c4-judge
commented
2 months ago alcueca changed the severity to 2 (Med Risk)
jatinj615
commented
2 months ago As EigenLayer payments are not yet enabled which means DepositQueue is not supposed to hold any collateral Tokens (as rewards from Eigen Layer) only ETH. which is why the DepositQueue balance is not accumulated in TVL.
c4-judge
commented
2 months ago alcueca marked the issue as primary issue
alcueca
commented
2 months ago Accepting the issue as QA, as it deals with a likely future.
c4-judge
commented
2 months ago alcueca changed the severity to QA (Quality Assurance)
c4-judge
commented
2 months ago alcueca marked the issue as grade-a
c4-judge
commented
2 months ago alcueca marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/RestakeManager.sol#L352 https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Deposits/DepositQueue.sol#L254
Vulnerability details
Impact
RestakeManager::calculateTVLs()does not include theERC20tokens inDepositQueue, leading to a wrong TVL value and more ezETH minted / less assets received when withdrawing than supposed.Proof of Concept
DepositQueue::sweepERC20()deposits token rewards fromDepositQueueto EigenLayer. Thus, it is expected to holdERC20token balances to sweep later. As such, these tokens should be accounted for in the calculation of the total TVL to keep a consistent ratio. Otherwise users may mint ezETH without considering these tokens, thenDepositQueue::sweepERC20()is called and increases TVL by depositing in EigenLayer and users get a sudden boost of their value, dilluting rewards for past ezETH holders.Tools Used
Vscode
Recommended Mitigation Steps
Include the token balances of
DepositQueueinRestakeManager::calculateTVLs(), similar to what is done with theWithdrawalQueue.Assessed type
Other