# 28629 - \[SC - Insight] Missing restricted modifier on claimWithdrawalF... Submitted on Feb 22nd 2024 at 18:38:33 UTC by @imaybeghost for [Boost | Puffer Finance](https://immunefi.com/bounty/pufferfinance-boost/) Report ID: #28629 Report type: Smart Contract Report severity: Insight Target: Impacts: * Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol) ## Description ## Brief/Intro Throughout the PufferVault.sol wherever there is a function with natspec specifying Restricted access, is implemented with restricted modifier. Unfortunately, `claimWithdrawalFromEigenLayer(IEigenLayer.QueuedWithdrawal,IERC20[], uint256 )` is supposed to be `Restricted access` but no restricted modifier is specified ## Vulnerability Details ``` /** * @notice Claims stETH withdrawals from EigenLayer * Restricted access * @param queuedWithdrawal The queued withdrawal details * @param tokens The tokens to be withdrawn * @param middlewareTimesIndex The index of middleware times */ function claimWithdrawalFromEigenLayer( IEigenLayer.QueuedWithdrawal calldata queuedWithdrawal, IERC20[] calldata tokens, uint256 middlewareTimesIndex ) external virtual {...} ``` As You can check in natspec, the function is supposed to be restricted but no restricted modifier is implemented to prevent unexpected execution. Conversely, throughout the contract all the functions whose natspec specifies the function as `Restricted access` is implemented with `restricted` modifier E.g: ``` /** * @notice Deposits stETH into `stETH EigenLayer strategy` * Restricted access * @param amount the amount of stETH to deposit */ function depositToEigenLayer(uint256 amount) external virtual restricted {..} ``` ``` /** * @notice Initiates stETH withdrawals from EigenLayer * Restricted access * @param sharesToWithdraw An amount of EigenLayer shares that we want to queue */ function initiateStETHWithdrawalFromEigenLayer(uint256 sharesToWithdraw) external virtual restricted {...} ``` similarly for, `initiateETHWithdrawalsFromLido(uint256[] calldata amounts)` ## Impact Details This leads to the unauthorized access to `claimWithdrawalFromEigenLayer()` when in fact the protocol assumes it to be implemented with access controls in place ## References ## Proof of Concept Since the straightforwardness of the issue, i dont think POC is neccessary, I think adding POC for this issue would be Vacous and an opportunity cost for both of us --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/puffer-finance/28629-sc-insight-missing-restricted-modifier-on-claimwithdrawalf....md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.