# 28773 - \[SC - Insight] The function claimWithdrawalFromEigenLayer can ...

Submitted on Feb 26th 2024 at 18:37:32 UTC by @crazy\_squirrel for [Boost | Puffer Finance](https://immunefi.com/bounty/pufferfinance-boost/)

Report ID: #28773

Report type: Smart Contract

Report severity: Insight

Target: <https://etherscan.io/address/0xd9a442856c234a39a81a089c06451ebaa4306a72>

Impacts:

* Theft of unclaimed yield
* Protocol insolvency

## Description

## Brief/Intro

The `claimWithdrawalFromEigenLayer` function in the `PufferVault` is marked as ***restricted*** in the NatSpec comment.

However, it doesn't have the appropriate `restricted` modifier, and can be called by anyone instead.

## Vulnerability Details

#### `claimWithdrawalFromEigenLayer`

```solidity
function claimWithdrawalFromEigenLayer(
    IEigenLayer.QueuedWithdrawal calldata queuedWithdrawal,
    IERC20[] calldata tokens,
    uint256 middlewareTimesIndex
) external virtual;
```

Completes the process of withdrawing stETH from EigenLayer's stETH strategy contract

*Effects*

* Claims the previously queued withdrawal from EigenLayer's stETH strategy contract
* Transfers stETH from EigenLayer's stETH strategy contract to this vault contract

*Requirements*

* There must be a corresponding queued withdrawal created previously via function `initiateStETHWithdrawalFromEigenLayer`
* Enough time must have elapsed since creation of the queued withdrawal such that it is claimable at the time of this function call

## Impact Details

Provide a detailed breakdown of possible losses from an exploit, especially if there are funds at risk. This illustrates the severity of the vulnerability, but it also provides the best possible case for you to be paid the correct amount. Make sure the selected impact is within the program’s list of in-scope impacts and matches the impact you selected.

## References

<https://github.com/PufferFinance/pufETH/blob/d340d40a2ebb72993cd7dd6049a78a01bcef32ae/src/PufferVault.sol#L217>

## Proof of Concept


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/puffer-finance/28773-sc-insight-the-function-claimwithdrawalfromeigenlayer-can-....md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.