search

code-423n4 / 2024-09-karak-mitigation-findings

0 stars 0 forks source link

ADD-01 MitigationConfirmed #10

Open c4-bot-2 opened 2 months ago

c4-bot-2 commented 2 months ago

Lines of code

Vulnerability details

Comments

link

The ADD-01 fix ensures that the slashed amounts are correctly accounted for in the node.withdrawableCreditedNodeETH variable. This variable tracks the latest amount of ETH available for withdrawal, and the fix deducts the slashedWithdrawable amount directly from it.

This helps maintain an accurate record of the ETH that remains withdrawable after a slashing event, thereby preventing discrepancies in user balances.

    function _burnSlashed(address nodeOwner) internal {
        NativeVaultLib.Storage storage self = _state();
        NativeVaultLib.NativeNode storage node = self.ownerToNode[nodeOwner];

        uint256 slashedAssets;
        // Account for rounding errors which might make convertToAssets() > totalRestakedETH
        if (node.totalRestakedETH > convertToAssets(balanceOf(nodeOwner))) {
            // slashed ETH = total restaked ETH (node + beacon) - share price equivalent ETH
            slashedAssets = node.totalRestakedETH - convertToAssets(balanceOf(nodeOwner));
        }

        // sweepable ETH = min(ETH available on node that has been minted shares for, total slashed ETH)
        uint256 slashedWithdrawable = Math.min(node.withdrawableCreditedNodeETH, slashedAssets);

        // withdraw sweepable ETH to slashStore
        INativeNode(node.nodeAddress).withdraw(address(0), slashedWithdrawable);

        // update total restaked ETH available (node + beacon)
        node.totalRestakedETH -= slashedWithdrawable;
        node.withdrawableCreditedNodeETH -= slashedWithdrawable;
    }
c4-judge commented 2 months ago

MiloTruck marked the issue as satisfactory