Donations and MEV rewards will be stuck in the contract

[hats-bug-reporter[bot]]

Github username: -- Submission hash (on-chain): 0x47cdf4b50eac2fe0b688315554ef894d228f14c0e01fc05894a74b7efb147fd0 Severity: high

Description: Description\ The contract receives donations and MEV rewards through the receive function. But there is no explicit function to withdraw donations or MEV (Miner Extractable Value) rewards. The fucntion in the contract close to a withdraw function is the claimRewards function. However, the claimRewards function is only used for withdrawing rewards related to the smoothing pool.

Attack Scenario\ Donations and MEV rewards will be stuck in the contract

Attachments https://github.com/dappnode/mev-sp-contracts/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L233-L239

1. Proof of Concept (PoC) File

   https://github.com/dappnode/mev-sp-contracts/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L1-L690

2. Revised Code File (Optional)

[invocamanman]

This rewards are meant to be distributed inside the rewardsRoot

[ololade97]

@invocamanman, isn't the rewards sent to validators through the claimRewards function? And in claimRewards function, it's accumulated balance that is sent and not the donations and MEV rewards.

And isn't rewardsRoot only an aggregation of validator Ids and addresses?

[invocamanman]

rewards root aggregates all the accumulated balance for every withdrawal address. A wihtdrawal address might have one ore more validators attached to it. The accumulate balance is the sum of: The collateral + The validator rewards + The donations + The MEV rewards

[ololade97]

@invocamanman ok, thanks.