Skip to content
This repository has been archived by the owner on Sep 8, 2024. It is now read-only.

hash - Shares associated with operator exits are not marked unwithdrawable #275

Closed
sherlock-admin3 opened this issue Mar 7, 2024 · 0 comments
Closed

hash - Shares associated with operator exits are not marked unwithdrawable #275

sherlock-admin3 opened this issue Mar 7, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin3
Copy link
Contributor

sherlock-admin3 commented Mar 7, 2024
edited by Czar102
Loading

hash

medium

Shares associated with operator exits are not marked unwithdrawable

Summary

Shares associated with operator exits are not marked unwithdrawable

Vulnerability Detail

When an operator exits, the shares associated with the operator is only cleared once the withdrawal from EigenLayer completes and the assets reach the depositPool

    function completeOperatorWithdrawalForAsset(
        address asset,
        uint8 operatorId,
        IDelegationManager.Withdrawal calldata queuedWithdrawal,
        uint256 middlewareTimesIndex
    ) external {
        
        ....
       
        // @audit the associated shares are cleared here. similar for eth

        } else {
            assetRegistry().decreaseSharesHeldForAsset(asset, queuedWithdrawal.shares[0]);
        }

During this time period, for user's attempting to withdraw it would seem as if this amount of shares is available to withdraw. This will cause the rebalance function to revert until the operator's withdrawal associated amount reaches depositPool. User's withdrawing would expect a total time of (rebalance delay ~1 day + eigen layer delay, max 7 days) to complete the withdrawal. But since the operator's queued withdrawal amount can take ~ 7 days to reach the deposit pool, it is possible for the withdrawal to take ~14 days to complete.

Impact

When deposits doesn't cover the entire withdrawal amount, rebalance can revert and cause withdrawals to take twice (ie.~14 days instead of ~7 days) as much time to complete

Code Snippet

Shares associated with an operator exit is only cleared once the withdrawal is complete and is not marked non-withdrawable
https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/4f01e065c1ed346875cf5b05d2b43e0bcdb4c849/rio-sherlock-audit/contracts/restaking/RioLRTDepositPool.sol#L119-L147

Tool used

Manual Review

Recommendation

Account for the currently queued operator withdrawals and decrease it from the withdraw-able shares

Duplicate of #361
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Mar 16, 2024
@sherlock-admin2 sherlock-admin2 changed the title Massive Syrup Sheep - Shares associated with operator exits are not marked unwithdrawable hash - Shares associated with operator exits are not marked unwithdrawable Mar 26, 2024
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Mar 26, 2024
@nevillehuang nevillehuang mentioned this issue Apr 4, 2024
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin2 @sherlock-admin3