Closed howlbot-integration[bot] closed 3 months ago
Expected behaviour.
CloudEllie marked the issue as primary issue
@jatinj615, if this is expected behaviour, it is not documented, and rans contrary to the stated invariants of the protocol (#441)
ezETH should be minted or redeemed based on current supply and TVL.
In #438 there is also a possible mitigation, calculating withdrawal amounts at claim time instead of withdrawal time.
Downgrading to Medium. There is a loss of value to users, but its significance is debatable since it's related to how much can slashing events be arbitraged.
alcueca changed the severity to 2 (Med Risk)
alcueca marked the issue as satisfactory
alcueca marked issue #441 as primary and marked this issue as a duplicate of 441
alcueca changed the severity to 3 (High Risk)
alcueca marked the issue as duplicate of #326
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Withdraw/WithdrawQueue.sol#L206
Vulnerability details
Validator balances are updated when verifyBalanceUpdates() is called on an EigenPod if a validator is penalized or verifyAndProcessWithdrawals() is called if a validator is slashed, which means these actions are known before they take effect in the EigenLayer system. The issue is that users can front-run these calls to initiate a withdraw and get more out of the system before the total TVL calculations take place with updates as withdraw request will be cached with the stale TVL calculations.
Impact
Users front-running slashing and penalty updates will be stealing from other users.
Tools Used
Manual review
Recommended Mitigation Steps
Ensure that the correct amount of penalties is distributed evenly among stakers.
Assessed type
Other