search

code-423n4 / 2024-06-renzo-mitigation-findings

0 stars 0 forks source link

H-07 MitigationConfirmed #22

Open c4-bot-4 opened 3 months ago

c4-bot-4 commented 3 months ago

Lines of code

Vulnerability details

See:

Finding Mitigation
H-07: DOS of completeQueuedWithdrawal when ERC20 buffer is filled Pull Request

Navigating to H-08 from the previous contest we can see that the OperatorDelegator::completeQueuedWithdrawal function in the Renzo protocol is designed to finalize withdrawals from EigenLayer sometimes utilizes accumulated ERC20 tokens to fill the ERC20 withdrawal buffer. However, this function fails in the previous codebase when it tries to call depositQueue::fillERC20withdrawBuffer due to the restrictive onlyRestakeManager modifier, which only allows the RestakeManager contract to access it as seen here. As a result, the completeQueuedWithdrawal function reverts, causing a persistent denial of service (DOS) and preventing admins from retrieving funds from EigenLayer, leading to fund losses for the protocol and users.

Now to resolve this, protocol have passed on this pull request which sufficiently mitigates the issue, cause now the onlyRestakeManager modifier has been removed from the fillERC20withdrawBuffer, which ensures that no DOS would occur on calls to this function, i.e


-    function fillERC20withdrawBuffer(
-         address _asset,
-         uint256 _amount
-     ) external nonReentrant onlyRestakeManager {
+     function fillERC20withdrawBuffer(address _asset, uint256 _amount) external nonReentrant {
c4-judge commented 3 months ago

alcueca marked the issue as satisfactory