Summary
Currently, all staking modules have the REQUEST_BURN_SHARES_ROLE role in the Burner contract, which allows the caller to lock stETH from any address that has pre-approved an amount of stETH for burning. Staking modules, however, must only lock stETH from their own contract address, so they can use the less powerful REQUEST_BURN_MY_STETH_ROLE role.
Problem
The REQUEST_BURN_SHARES_ROLE role grants staking modules more permissions than they need, violating the principle of least privilege (granting only the minimum required permissions).
Implementation
It is recommended to remove the REQUEST_BURN_SHARES_ROLE from all staking modules and grant them the REQUEST_BURN_MY_STETH_ROLE instead.
This change will require minimal contract code modifications but will enhance module isolation and protocol security.
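The difference between the two roles, and the effect of the recommended swap, as an added example that is not the Burner contract's code: a simplified Python model in which the class, method names, and addresses are hypothetical and only the two role names come from this page.

```python
from collections import defaultdict

# Simplified model of the two Burner roles (constructed; not Lido's contract code).
# Class, method names and addresses are hypothetical; only the role names are from the page.
SHARES_ROLE = "REQUEST_BURN_SHARES_ROLE"
MY_STETH_ROLE = "REQUEST_BURN_MY_STETH_ROLE"

class Burner:
    def __init__(self):
        self.roles = defaultdict(set)      # role -> holder addresses
        self.allowance = defaultdict(int)  # owner -> stETH pre-approved for burning
        self.locked = defaultdict(int)     # owner -> stETH locked for burning

    def _lock(self, caller, role, owner, amount):
        if caller not in self.roles[role]:
            raise PermissionError(f"{caller} lacks {role}")
        if self.allowance[owner] < amount:
            raise ValueError("amount exceeds pre-approved stETH")
        self.allowance[owner] -= amount
        self.locked[owner] += amount

    def request_burn_shares(self, caller, owner, amount):
        # Broad role: the caller chooses whose pre-approved stETH is locked.
        self._lock(caller, SHARES_ROLE, owner, amount)

    def request_burn_my_steth(self, caller, amount):
        # Narrow role: the source address is always the caller itself.
        self._lock(caller, MY_STETH_ROLE, caller, amount)

def reachable_owners(burner, caller):
    """Owners whose pre-approved stETH `caller` can lock with its current roles."""
    approved = {o for o, a in burner.allowance.items() if a > 0}
    if caller in burner.roles[SHARES_ROLE]:
        return approved
    if caller in burner.roles[MY_STETH_ROLE]:
        return approved & {caller}
    return set()

def migrate(burner, modules):
    """The recommended change: swap the broad role for the narrow one."""
    for module in modules:
        burner.roles[SHARES_ROLE].discard(module)
        burner.roles[MY_STETH_ROLE].add(module)
```

Comparing `reachable_owners` before and after `migrate` gives the set of addresses that stop being exposed to each module once the broad role is revoked.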