The way the protocol is designed allows ezETH holders to avoid incurring into losses when the protocol TVL has a instant decrease. In Renzo a sudden TVL decrease might happen for multiple (mostly unavoidable) reasons:
A validator receives penalties. Renzo will be notified of the loss when EigenPod::verifyBalanceUpdates() is called, which will instantly lower the TVL.
One of the supported LSDs (wbETH, mETH, etc.) has a sudden value drop, this can happen for penalties, slashings or exploits on the LSD side.
Oracle updates. Chainlink price feeds are updated only when a specified "deviation threshold" is reached, or an amount of time defined as "heartbeat" is passed. Deviation thresholds can be up to ~2%, meaning the protocol could see a 2% instant valuation loss of an asset (and TVL as a consequence) as soon as the price for that asset is updated. Depending on the amount of assets held in the protocol, a 2% could be a meaningful amount in absolute terms.
To avoid the loss, a staker can withdraw his ezETH via WithdrawQueue::withdraw() before the loss is reflected in the protocol TVL, this is possible because WithdrawQueue::withdraw() calculates and caches the amount of ETH/Tokens to redeem based on the current value of the ezETH, which doesn't account for losses yet:
After a time delay, the staker can call WithdrawQueue::claim() to claim the amount of assets calculated during the execution of WithdrawQueue::withdraw(), which is unaffected by the losses.
Important to note that, in case of penalties/slashings of validators controlled by Renzo both functions used to notify Renzo of the loss (EigenPod::verifyAndProcessWithdrawals() and/or EigenPod::verifyBalanceUpdates()) are permissionless, which allows a staker to avoid the loss by executing the calls atomically.
Impact
Stakers can avoid being affected by instant TVL drops, this will also make fair users incur into more losses than they should.
Proof of Concept
Alice, a staker in the Renzo protocol, is monitoring the beacon chain and notices a validator is being slashed:
Alice calls WithdrawQueue::claim() and redeems her ezETH, being unaffected by the slashing
Recommended Mitigation Steps
The amount of ETH/Tokens to be claimed should be calculated in WithdrawQueue::claim()
instead of WithdrawQueue::withdraw(). This way the funds that are currently queued for withdrawals will be still subject to losses.
DadeKuma
commented
5 months ago
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Withdraw/WithdrawQueue.sol#L220-L224
Vulnerability details
The way the protocol is designed allows
ezETHholders to avoid incurring into losses when the protocol TVL has a instant decrease. In Renzo a sudden TVL decrease might happen for multiple (mostly unavoidable) reasons:wbETH,mETH, etc.) has a sudden value drop, this can happen for penalties, slashings or exploits on the LSD side.To avoid the loss, a staker can withdraw his
ezETHvia WithdrawQueue::withdraw() before the loss is reflected in the protocol TVL, this is possible because WithdrawQueue::withdraw() calculates and caches the amount of ETH/Tokens to redeem based on the current value of theezETH, which doesn't account for losses yet:After a time delay, the staker can call WithdrawQueue::claim() to claim the amount of assets calculated during the execution of WithdrawQueue::withdraw(), which is unaffected by the losses.
Important to note that, in case of penalties/slashings of validators controlled by Renzo both functions used to notify Renzo of the loss (EigenPod::verifyAndProcessWithdrawals() and/or EigenPod::verifyBalanceUpdates()) are permissionless, which allows a staker to avoid the loss by executing the calls atomically.
Impact
Stakers can avoid being affected by instant TVL drops, this will also make fair users incur into more losses than they should.
Proof of Concept
Alice, a staker in the Renzo protocol, is monitoring the beacon chain and notices a validator is being slashed:
ezETHezETH, being unaffected by the slashingRecommended Mitigation Steps
The amount of ETH/Tokens to be claimed should be calculated in WithdrawQueue::claim() instead of WithdrawQueue::withdraw(). This way the funds that are currently queued for withdrawals will be still subject to losses.
Assessed type
Other