search

code-423n4 / 2024-06-renzo-mitigation-findings

0 stars 0 forks source link

H-07 MitigationConfirmed #43

Open c4-bot-4 opened 5 months ago

c4-bot-4 commented 5 months ago

Lines of code

Vulnerability details

Original Issue Summary

OperatorDelegator.completeQueuedWithdrawal can not be succesfully completed when the ERC20 buffer is filled due to an incorrect modifier used. This prevents the protocol and users from getting their funds from EigenLayer, resulting in loss of funds.

Mitigation

This mitigation proposed the removal of the onlyRestakeManager modifier.

-    function fillERC20withdrawBuffer(
-        address _asset,
-        uint256 _amount
-    ) external nonReentrant onlyRestakeManager {
+    function fillERC20withdrawBuffer(address _asset, uint256 _amount) external nonReentrant {

Comments

This mitigation succesfully mitigates the original issue. Due to the removal of the onlyRestakeManager modifier, fillERC20withdrawBuffer() can be succesfully called. This allows users to succesfully withdraw their funds from EigenLayer.

Suggestion

n/a

Conclusion

LGTM

c4-judge commented 5 months ago

alcueca marked the issue as satisfactory