code-423n4 / 2024-06-renzo-mitigation-findings


H-07 MitigationConfirmed #11

Open c4-bot-5 opened 3 months ago

c4-bot-5 commented 3 months ago

Lines of code

Vulnerability details

C4 issue

H-07: DOS of completeQueuedWithdrawal when ERC20 buffer is filled

Link to issue

Comments

The completeQueuedWithdrawal() function in the OperatorDelegator contract finalizes queued withdrawals and fills the ERC20 withdrawal buffer if needed by calling the fillERC20withdrawBuffer function in the depositQueue contract. However, the fillERC20withdrawBuffer function is restricted to the RestakeManager contract due to the onlyRestakeManager modifier. Consequently, when completeQueuedWithdrawal attempts to call this function, it reverts, preventing the retrieval of funds.

Mitigation

PR: Pull Request 87 - H07FIX

The fix removes the onlyRestakeManager modifier from the fillERC20withdrawBuffer function, allowing the OperatorDelegator contract to call it without restriction.

    function fillERC20withdrawBuffer(address _asset, uint256 _amount) external nonReentrant {
        if (_amount == 0 || _asset == address(0)) revert InvalidZeroInput();
        // safeTransfer from restake manager to this address
        IERC20(_asset).safeTransferFrom(msg.sender, address(this), _amount);
        // approve the token amount for withdraw queue
        IERC20(_asset).safeApprove(address(withdrawQueue), _amount);
        // call the withdraw queue to fill up the buffer
        withdrawQueue.fillERC20WithdrawBuffer(_asset, _amount);
    }

Conclusion

Removing the onlyRestakeManager modifier from the fillERC20withdrawBuffer function resolves the issue of failed withdrawal completions.
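
The revert path described in this finding, as an added example that is not part of the original submission or Renzo's code base: a simplified Solidity model in which token transfers and the withdraw queue are replaced by a counter. The contract names `DepositQueueModel` and `OperatorDelegatorModel`, the functions `fillRestricted`/`fillUnrestricted`, and the error `NotRestakeManager` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model, not Renzo's code: token transfers and the withdraw queue
// are replaced by a counter so only the access-control path is exercised.
contract DepositQueueModel {
    address public immutable restakeManager;
    uint256 public buffered;

    error NotRestakeManager(); // hypothetical error name

    constructor(address _restakeManager) {
        restakeManager = _restakeManager;
    }

    modifier onlyRestakeManager() {
        if (msg.sender != restakeManager) revert NotRestakeManager();
        _;
    }

    // Pre-fix shape: only the RestakeManager may fill the buffer.
    function fillRestricted(uint256 _amount) external onlyRestakeManager {
        buffered += _amount;
    }

    // Post-fix shape: modifier removed, any caller may fill.
    function fillUnrestricted(uint256 _amount) external {
        buffered += _amount;
    }
}

// Stands in for OperatorDelegator: msg.sender seen by the queue is this contract.
contract OperatorDelegatorModel {
    DepositQueueModel public immutable queue;

    constructor(DepositQueueModel _queue) {
        queue = _queue;
    }

    // Returns false: the inner call reverts with NotRestakeManager, which
    // would abort the whole withdrawal completion if it were not caught here.
    function completePreFix(uint256 _amount) external returns (bool ok) {
        try queue.fillRestricted(_amount) { ok = true; } catch { ok = false; }
    }

    // Returns true: the same call path succeeds once the modifier is gone.
    function completePostFix(uint256 _amount) external returns (bool ok) {
        try queue.fillUnrestricted(_amount) { ok = true; } catch { ok = false; }
    }
}
```

In the fixed function quoted above, the tokens are pulled from `msg.sender` with `safeTransferFrom`, so a caller other than the OperatorDelegator can only move its own approved tokens into the buffer.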

c4-judge commented 3 months ago

alcueca marked the issue as confirmed for report

c4-judge commented 3 months ago

alcueca marked the issue as satisfactory