This repository has been archived by the owner on Sep 8, 2024. It is now read-only.
almurhasan - Calling function queueWithdrawalForUserSettlement will revert. #160
Labels
Non-Reward
This issue will not receive a payout
Sponsor Disputed
The sponsor disputed this issue's validity
Comments
|
Invalid - Though we will be updating to support this change, it was made after the audited code was frozen. The target version is https://github.com/Layr-Labs/eigenlayer-contracts/tree/v0.2.1-goerli-m2 |
sherlock-admin2
added
the
Sponsor Disputed
github-actions
bot
added
Medium
|
@solimander What was the exact time this change was introduced and do you have a link? I will have to consider only time after 20 February when the contest started. |
|
@solimander Could you point me to the right resource from the above comment? |
|
@nevillehuang It was merged into the Target tag was noted here: https://discord.com/channels/812037309376495636/1209514827442167839/1209965316323672084 |
sherlock-admin2
changed the title
sherlock-admin2
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
almurhasan
high
Calling function queueWithdrawalForUserSettlement will revert.
Summary
This function will revert due to a require statement in eigenlayer’s delegationmanager contract.the statement is withdrawer must be staker.but here withdrawer is not staker.
Vulnerability Detail
Here withdrawer must be msg.sender
Impact
Usersettlement will fail.
Code Snippet
https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/main/rio-sherlock-audit/contracts/restaking/RioLRTOperatorDelegator.sol#L217
https://github.com/Layr-Labs/eigenlayer-contracts/blob/dev/src/contracts/core/DelegationManager.sol#L275
Tool used
Manual Review
Recommendation
Make sure withdrawer and msg.sender is same when calling the function queueWithdrawals(delegationManager contract)
The text was updated successfully, but these errors were encountered: