Last updated
Was this helpful?
Submitted on Feb 22nd 2024 at 18:38:33 UTC by @imaybeghost for
Report ID: #28629
Report type: Smart Contract
Report severity: Insight
Target: https://etherscan.io/address/0x7276925e42f9c4054afa2fad80fa79520c453d6a
Impacts:
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Throughout the PufferVault.sol wherever there is a function with natspec specifying Restricted access, is implemented with restricted modifier. Unfortunately, claimWithdrawalFromEigenLayer(IEigenLayer.QueuedWithdrawal,IERC20[], uint256 ) is supposed to be Restricted access but no restricted modifier is specified
As You can check in natspec, the function is supposed to be restricted but no restricted modifier is implemented to prevent unexpected execution.
Conversely, throughout the contract all the functions whose natspec specifies the function as Restricted access is implemented with restricted modifier E.g:
similarly for, initiateETHWithdrawalsFromLido(uint256[] calldata amounts)
This leads to the unauthorized access to claimWithdrawalFromEigenLayer() when in fact the protocol assumes it to be implemented with access controls in place
https://github.com/PufferFinance/pufETH/blob/main/src/PufferVault.sol#L215-L226
Since the straightforwardness of the issue, i dont think POC is neccessary, I think adding POC for this issue would be Vacous and an opportunity cost for both of us
