28629 - [SC - Insight] Missing restricted modifier on claimWithdrawalF...
Submitted on Feb 22nd 2024 at 18:38:33 UTC by @imaybeghost for Boost | Puffer Finance
Report ID: #28629
Report type: Smart Contract
Report severity: Insight
Target: https://etherscan.io/address/0x7276925e42f9c4054afa2fad80fa79520c453d6a
Impacts:
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Description
Brief/Intro
Throughout the PufferVault.sol wherever there is a function with natspec specifying Restricted access, is implemented with restricted modifier. Unfortunately, claimWithdrawalFromEigenLayer(IEigenLayer.QueuedWithdrawal,IERC20[], uint256 ) is supposed to be Restricted access but no restricted modifier is specified
Vulnerability Details
/**
* @notice Claims stETH withdrawals from EigenLayer
* Restricted access
* @param queuedWithdrawal The queued withdrawal details
* @param tokens The tokens to be withdrawn
* @param middlewareTimesIndex The index of middleware times
*/
function claimWithdrawalFromEigenLayer(
IEigenLayer.QueuedWithdrawal calldata queuedWithdrawal,
IERC20[] calldata tokens,
uint256 middlewareTimesIndex
) external virtual {...}
As You can check in natspec, the function is supposed to be restricted but no restricted modifier is implemented to prevent unexpected execution.
Conversely, throughout the contract all the functions whose natspec specifies the function as Restricted access is implemented with restricted modifier E.g:
similarly for, initiateETHWithdrawalsFromLido(uint256[] calldata amounts)
Impact Details
This leads to the unauthorized access to claimWithdrawalFromEigenLayer() when in fact the protocol assumes it to be implemented with access controls in place
References
https://github.com/PufferFinance/pufETH/blob/main/src/PufferVault.sol#L215-L226
Proof of Concept
Since the straightforwardness of the issue, i dont think POC is neccessary, I think adding POC for this issue would be Vacous and an opportunity cost for both of us
Last updated
Was this helpful?