Mitigation of M-11: Issue NOT mitigated
Mitigated issue M-11: Residual ETH unreachable and unutilized in SafEth.sol The issue was that the rounding losses from partitioning msg.value in stake and rebalanceToWeights were left irretrievably in the contract. Mitigation review Previously rebalanceToWeights withdrew all staked funds and...
Mitigation Confirmed for NEW
Note: Issue has not actually been resolved, but for some reason I can't get my issues to submit without "Mitigation confirmed no new vulnerabilities detected" checked, so I am doing this as a workaround. Severity High Lines of code Impact Derivative will become broken and all funds lost even if the...
Mitigation of M-07: Issue not mitigated
MITIGATION IS NOT CONFIRMED Mitigation of M-07: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings#765 Comments While the principal issue for M-07 described a de-peg scenario, which eventually was interpreted as a "black swan" event, I do think the...
Mitigation Confirmed for Mitigation of H-06: Issue mitigated with error
Mitigated issue H-06: WstEth derivative assumes a 1=1 peg of stETH to ETH. The issue was that WstEth.withdraw and WstEth.ethPerDerivative assume a perfect peg between stETH and ETH, which may cause the slippage to be inaccurately evaluated. Mitigation review The issue has been mitigated by using...
Mitigation Confirmed for H-06
Fix looks good. Root issue was assuming a 1:1 peg for stETH. This has been fixed by getting the true price of stETH from a Chainlink oracle.
Upgraded Q -> 3 from #344 [1683218670048]
Judge has assessed an item in Issue 344 as 3 risk. The relevant finding follows: To ensure that there is no overflow when converting uint256 to uint128, and the totalNetInputAmount can be extracted so that it does not need to be calculated again later virtualBaseTokenReserves +=...
Strategy owner can steal staker funds.
Lines of code Vulnerability details Impact The functions StrategyManager.depositIntoStrategy and StrategyManager.depositIntoStrategyWithSignature don't check that msg.sender != strategy. Hence, a strategy owner can deposit into his own strategy and specify the staker as his own EOA account, a...
Assuming a 1-1 peg of Liquid Staked Tokens like stETH and rETH to ETH is dangerous
Lines of code Vulnerability details Impact The price of ETH staking derivatives may not be pegged 1-1 to ETH, which affects staking conditions. Proof of Concept To stake ETH, a user calls depositBeaconChainETH. The amount parameter is passed into the addShares function. In addShares, the amount...
Integer Overflow Large numbers of strategies/deposits could overflow arrays stakerStrategyList
Lines of code Vulnerability details Impact Overflows of the staker StrategyList and StrategyShares arrays could allow an attacker to manipulate a staker's data by reusing keys. Once the arrays have wrapped around, depositing into a large number of strategies or requesting withdrawals for the same...
The value of MAX_WITHDRAWAL_DELAY_BLOCKS is constant which shouldn't be
Lines of code Vulnerability details Impact The value of MAX_WITHDRAWAL_DELAY_BLOCKS is constant, which it shouldn't be. It is stated that at the moment MAX_WITHDRAWAL_DELAY_BLOCKS is 50400 and it is adjustable, but it isn't in this case, as it is constant and once deployed it can't be changed. Proof of Concept...
Slot and block number proofs not required for verification of withdrawal (multiple withdrawals possible)
Lines of code Vulnerability details Impact Since this is a vulnerability which involves multiple in-scope contracts and leads to more than one impact, let's start with a bug description from bottom to top. Library Merkle The methods verifyInclusionSha256(proof, root, leaf, index) and...
Use of block.timestamp
Lines of code Vulnerability details Impact Block timestamps have a purpose for a variety of applications, such as entropy for random numbers see the Entropy Illusion for further details, locking funds for periods of time, and various state-changing conditional statements that are time-dependent...
Depositors risk losing funds through StrategyManager.depositIntoStrategyWithSignature()
Lines of code Vulnerability details Impact The StrategyManager contract has two functions for depositing funds into Strategy contracts, one of them is depositIntoStrategyWithSignature which allows the caller to make a deposit and the new shares are credited to a specified staker. If the staker...
[H-02] Owner cannot freeze and thus cannot slash a queued withdraw that has the delegatedAddress being the 0 address.
Lines of code Vulnerability details canSlash checks to see if the block number is less than whitelistedContractDetails[toBeSlashed][slashingContract], which will be 0 if a user has not delegated an address. This will revert freezeOperator and not allow an owner/watcher to freeze the address, and thus...
A Malicious validator can frontrun 32ETH deposit
Lines of code Vulnerability details Impact Frontrunning by malicious validator actor to change the withdrawal credentials and gain the withdrawal ETH value. Proof of Concept A malicious validator can frontrun stake transaction with the same pubkey and deposit 1 ether for different withdrawal...
State variables are initialized in an upgradeable contract + there is constructor
Lines of code Vulnerability details Impact Due to a requirement of the proxy-based upgradeability system, no constructors can be used in upgradeable contracts. State variables are initialized in an upgradeable contract Proof of Concept See -upgradeableavoid-initial-values-in-field-declarations...
Loss of funds on deposit when totalShares > 0 && priorTokenBalance == 0
Lines of code Vulnerability details Impact Withdrawing one's shares may return far less tokens than one deposited. Proof of Concept Shares returned when depositing are calculated in StrategyBase.deposit as: if (totalShares == 0) newShares = amount; else { uint256 priorTokenBalance = tokenBalance -...
_deployPod() is using hardcoded salt value which can cause issues
Lines of code Vulnerability details Impact _deployPod is deploying a pod, but there is a hardcoded salt value of 0 which can cause issues. Proof of Concept There is a risk of address collisions if two different users call the _deployPod function with the same input parameters at the same time. This could...
Medium Access Control Unauthorized access to restricted functions
Lines of code Vulnerability details Impact compromising the owner or whitelister roles could allow an attacker to manipulate critical whitelist and configuration logic, potentially damaging the use of the protocol. By taking control of privileged access, the attacker could enable rapid withdrawal...
Upgraded Q -> 3 from #635 [1683219244120]
Judge has assessed an item in Issue 635 as 3 risk. The relevant finding follows: Unsafe downcasting PrivatePool.sol - 230, 231
verifyWithdrawalCredentialsAndBalance does not verify that oracleBlockNumber is the latest block number.
Lines of code Vulnerability details Impact After participating in Ethereum Staking, you may receive shares based on your balance when it was 32 ETH, even though you may have suffered a certain level of slashing at 32 ETH. Until some conscientious watcher proves the slashing in the Consensus Layer...
Upgraded Q -> 3 from #853 [1683219256548]
Judge has assessed an item in Issue 853 as 3 risk. The relevant finding follows: LC-02 USE THE SAFECAST LIBRARY FOR CASTING VALUES TO AVOID OVERFLOW/UNDERFLOW File: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); virtualNftReserves -= uint128(weightSum);
Zero address Pauser assignment
Lines of code Vulnerability details Impact By exploiting the unpauser role's access to call setPauser with any address input, an attacker could permanently disable a core functionality pausing/unpausing the token by assigning a zero address as the pauser. No pauser would mean no ability to freeze...
Upgraded Q -> 3 from #359 [1683219147605]
Judge has assessed an item in Issue 359 as 3 risk. The relevant finding follows: L-18 UNSAFE CAST Description: Keep in mind that the version of solidity used, despite being greater than 0.8, does not prevent integer overflows during casting, it only does so in mathematical operations. It is...
BEACON CHAIN VALIDATOR COULD SELF RESCUE WHEN OPERATOR IS FROZEN
Lines of code Vulnerability details Impact The modifier onlyNotFrozen is intuitive such that the staker will be frozen when the delegated operator is frozen. However, not utilizing it in recordOvercommittedBeaconChainETH and undelegate could allow the Beacon Chain validator to undelegate from the...
Upgraded Q -> 3 from #891 [1683219170863]
Judge has assessed an item in Issue 891 as 3 risk. The relevant finding follows: L-1: Unsafe casting may overflow Context: virtualBaseTokenReserves += uint128(netInputAmount - feeAmount - protocolFeeAmount); L230 virtualNftReserves -= uint128(weightSum); L231 virtualBaseTokenReserves -=...
Upgraded Q -> 3 from #421 [1683219158450]
Judge has assessed an item in Issue 421 as 3 risk. The relevant finding follows: 1. Unchecked Cast May Overflow As of Solidity 0.8 overflows are handled automatically; however, not for casting. For example uint32(4294967300) will result in 4 without reversion. Consider using OpenZeppelin's SafeCast...
Upgraded Q -> 3 from #326 [1683219203160]
Judge has assessed an item in Issue 326 as 3 risk. The relevant finding follows: L-05 Integer overflow by unsafe casting Description Keep in mind that the version of solidity used, despite being greater than 0.8, does not prevent integer overflows during casting, it only does so in mathematical...
MAX_WITHDRAWAL_DELAY_BLOCKS assumes that block time is always 12 seconds
Lines of code Vulnerability details Impact Block time may change in the future, which may affect the protocol's withdrawal functionality. Proof of Concept StrategyManagerStorage.sol assumes 12-second block timing. If the block time changes in the future, the MAX_WITHDRAWAL_DELAY_BLOCKS of one week...
Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation.
Lines of code Vulnerability details Impact Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation. Proof of Concept Let's take a look at the following code snippet from StrategyManager.slashQueuedWithdrawal. // keeps track of the index in the indicesToSkip array...
Upgraded Q -> 3 from #306 [1683219251927]
Judge has assessed an item in Issue 306 as 3 risk. The relevant finding follows: L-01 Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256 In the functions buy and sell of the contract PrivatePool.sol the function first sets the variables...
StrategyBase.underlyingToShares() cannot be overridden to intended mutability
Lines of code Vulnerability details Impact An implementation of underlyingToShares, as inherited from StrategyBase.sol, cannot, contrary to intentions, make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept StrategyBase.s...
Gas stipend of 2300 in staticcall function causes contract failure
Lines of code Vulnerability details Impact The Merkle library's staticcall function contains a vulnerability that could lead to the failure of the entire operation if the invoked external contract exceeds the provided 2300 gas stipend. An attacker could leverage this vulnerability to launch a...
Upgraded Q -> 3 from #826 [1683219178977]
Judge has assessed an item in Issue 826 as 3 risk. The relevant finding follows: 12. Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256. PrivatePool.sol L2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128(weightSum);...
StrategyBase.sharesToUnderlying() cannot be overridden to intended mutability
Lines of code Vulnerability details Impact An implementation of sharesToUnderlying, as inherited from StrategyBase.sol, cannot, contrary to intentions, make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept StrategyBase.s...
Access Control Unauthorized access to restricted functions setWithdrawalDelayBlocks
Lines of code Vulnerability details Impact By exploiting the owner's role through social engineering, an attacker could theoretically gain indirect control over any functions that require owner authorization. Specifically, the ability to manipulate withdrawal delays and other critical security...
The values for strategyIndexes are not enforced
Lines of code Vulnerability details Proof of Concept strategyIndexes is used to indicate which strategies the caller will withdraw 100% of his shares, but it can contain any value when calling StrategyManager.queueWithdrawal and StrategyManager.slashShares. These two functions will reuse...
High Reentrancy Withdrawals can be frontrun
Lines of code Vulnerability details Impact A reentrancy attack on the withdrawal functions could allow an attacker to drain the contract of all funds by repeatedly calling the functions faster than transactions can complete. By calling completeQueuedWithdrawal and withdrawBeaconChainETH multiple...
Context not implemented as per need of the code
Lines of code Vulnerability details Impact Logical and mathematical flaws might occur due to lack of the check. Proof of Concept As per the comment in: //check if the withdrawal occurred after mostRecentWithdrawalBlockNumber but no check is involved in the code, which would cause mathematical flaws in...
Attacker can operate as a staker/operator on eigenLayer without risking any funds
Lines of code Vulnerability details Impact Attacker would get shares in StrategyManager without staking any real funds. This would allow him to earn rewards or act maliciously without fear of getting slashed. Proof of Concept Here is the verifyWithdrawalCredentialsAndBalance function: L175-L226...
Attacker can make his stake immune to verifyOvercommittedStake.
Lines of code Vulnerability details Impact verifyOvercommittedStake for an EigenPod will be DOSed, and Attacker's shares will never be reduced even when his stake on BeaconChain gets slashed, and someone attempts to record the overcommitment. Proof of Concept Here is the...
A staker with verified over-commitment can potentially bypass slashing completely
Lines of code Vulnerability details Description In EigenLayer, watchers submit over-commitment proof in the event a staker's balance on the Beacon chain falls below the minimum restaked amount per validator. In such a scenario, stakers’ shares are decreased by the restaked amount. Note that when ...
Upgraded Q -> 3 from #903 [1683219188466]
Judge has assessed an item in Issue 903 as 3 risk. The relevant finding follows: L-2. Use SafeCast Library Description Downcasting from uint256/int256 in Solidity does not revert on overflow. This can easily result in undesired exploitation or bugs, since developers usually assume that overflows...
Manipulation Compromised proposal processing claimDelayedWithdrawals
Lines of code Vulnerability details Impact By exploiting legitimate users' access to claim delayed withdrawals, an attacker could potentially drain a sizable portion of the contract's funds before detection. Manipulative access to critical system functions poses a substantial financial risk. Proof...
Zero address pauser assignment
Lines of code Vulnerability details Impact By allowing any address to be assigned as the pauser, the StrategyBase contract leaves itself vulnerable to losing critical functionality that controls token transfers in and out. Assigning a zero address would result in no valid pauser, preventing the...
isContract() is not a reliable way of checking if the input is an EOA
Lines of code Vulnerability details Impact depositIntoStrategyWithSignature checks whether msg.sender is an EOA or a contract, and it does so by checking isContract, which is not right. Proof of Concept The isContract check can be passed even if msg.sender is a smart contract if Function ...
The length of proofs.slotProof is not checked in the verifyWithdrawalProofs function, allowing a malicious EigenPod Owner to be issued only shares via StrategyManager and withdraw all their money
Lines of code Vulnerability details Impact Below is a portion of the verifyAndProcessWithdrawal function. // Verifying the withdrawal as well as the slot BeaconChainProofs.verifyWithdrawalProofs(beaconStateRoot, withdrawalProofs, withdrawalFields); // Verifying the validator fields, specifically the...
Staker can bypass the debt accrued via beaconChainETHSharesToDecrementOnWithdrawal by transferring shares to another address
Lines of code Vulnerability details Description When a staker is verified to have over-committed and the over-committed amount is greater than their outstanding shares, they accrue a debt that is captured by beaconChainETHSharesToDecrementOnWithdrawal. This debt eventually gets settled when the...
Integer Overflow in Endian Library
Lines of code Vulnerability details Impact An integer overflow can lead to unexpected behavior in a smart contract, potentially causing financial loss or disruption of the contract's intended functionality. Proof of Concept If the input value passed to the function exceeds 64 bits, an integer...
Temporary blocking withdrawals because of slashQueuedWithdrawal function incorrectness
Lines of code Vulnerability details Temporary blocking withdrawals because of slashQueuedWithdrawal function incorrectness Impact The incorrectness of slashQueuedWithdrawal can block withdraw operations till the queuedWithdrawal argument is changed to exclude strategies with PAUSED_WITHDRAWALS...