change the calculateNeededEtherBuffer to have a
dynamic minimum value relative to the current size of
VALIDATOR_DEPOSIT_SIZE instead of being a hardcoded value of 31
ETH. For example 90% of VALIDATOR_DEPOSIT_SIZE
DESCRIPTION
The minimum ETH buffer as seen in calculateNeededEtherBuffer is 31 ETH
that MevEth requires before creating a validator is reasonable if
VALIDATOR_DEPOSIT_SIZE = 32 ether.
However, in case Rocketpool or similar modules are used and
VALIDATOR_DEPOSIT_SIZE is significantly lower, for example 16 ETH the
funds would end up sitting idly in MevEth for a long period of time before
the check in line 307 could be passed in order to create a validator.
This could lead to unsatisfied customers leaving the contract after having
this realisation or simply deferring from depositing in the first place.
In addition, this could lead to scenarios where the rewards would be
extremely diluted. For example if a validator has been created with 5 ETH,
there could still be another 30 ETH in MevEth waiting to for the balance to
increase so new validators can be created. The reward generated by the 5
ETH would be distributed among all depositors that have contributed to the
total pool of 35 ETH.
https://github.com/manifoldfinance/mevETH2/blob/63edde66d91c263b919fe9c21e128a382219880e/src/MevEth.sol#L301-L315
MINIMAL ETHER BUFFER MIGHT CAUSE FUNDS TO SIT IDLY FOR INDEFINITE PERIODS OF TIME
SEVERITY: Low
PATH: MevEth.sol:calculateNeededEtherBuffer:L103-107
https://github.com/manifoldfinance/mevETH2/blob/63edde66d91c263b919fe9c21e128a382219880e/src/MevEth.sol#L103-L107
REMEDIATION
change the calculateNeededEtherBuffer to have a dynamic minimum value relative to the current size of VALIDATOR_DEPOSIT_SIZE instead of being a hardcoded value of 31 ETH. For example 90% of VALIDATOR_DEPOSIT_SIZE
DESCRIPTION
The minimum ETH buffer as seen in calculateNeededEtherBuffer is 31 ETH that MevEth requires before creating a validator is reasonable if VALIDATOR_DEPOSIT_SIZE = 32 ether. However, in case Rocketpool or similar modules are used and VALIDATOR_DEPOSIT_SIZE is significantly lower, for example 16 ETH the funds would end up sitting idly in MevEth for a long period of time before the check in line 307 could be passed in order to create a validator. This could lead to unsatisfied customers leaving the contract after having this realisation or simply deferring from depositing in the first place. In addition, this could lead to scenarios where the rewards would be extremely diluted. For example if a validator has been created with 5 ETH, there could still be another 30 ETH in MevEth waiting to for the balance to increase so new validators can be created. The reward generated by the 5 ETH would be distributed among all depositors that have contributed to the total pool of 35 ETH. https://github.com/manifoldfinance/mevETH2/blob/63edde66d91c263b919fe9c21e128a382219880e/src/MevEth.sol#L301-L315