H-3 MitigationConfirmed #42

c4-bot-8 · 2024-06-07T08:36:20Z

Lines of code

Vulnerability details

Original Issue Summary

H-03: ETH withdrawals from EigenLayer always fail due to OperatorDelegator's nonReentrant receive()

ETH withdrawals from EigenLayer require a reentrancy in receive(). However, the receive() function uses the nonReentrant modifier, which prevents the reentrancy and ultimately resulting in ETH withdrawals from EigenLayer failing.

Mitigation

Mitigation H-03

This mitigation proposes the removal of the nonReentrant modifier:

-    receive() external payable nonReentrant {
+    receive() external payable {

Comments

This mitigation succesfully mitigates H-03, reentrancy is now possible again in the receive() function, which means that the EigenLayer ETH withdraws will succeed.

Suggestion

n/a

Conclusion

LGTM

The text was updated successfully, but these errors were encountered:

liveactionllama · 2024-06-07T20:03:24Z

Minor label update for consistency across all MR-H-03 submissions.

c4-judge · 2024-06-08T05:10:42Z

alcueca marked the issue as satisfactory

c4-bot-8 added mitigation-confirmed MR-H-3 labels Jun 7, 2024

c4-bot-1 added a commit that referenced this issue Jun 7, 2024

Fassi_Security issue #42

77a605a

liveactionllama added MR-H-03 and removed MR-H-3 labels Jun 7, 2024

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jun 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

H-3 MitigationConfirmed #42

H-3 MitigationConfirmed #42

c4-bot-8 commented Jun 7, 2024

liveactionllama commented Jun 7, 2024

c4-judge commented Jun 8, 2024