Skip to content

Latest commit

 

History

History
75 lines (58 loc) · 3.46 KB

M-07.md

File metadata and controls

75 lines (58 loc) · 3.46 KB

Deposit into strategy could be blocked by limits in EigenLayer

Summary

The implementation of depositAssetIntoStrategy() deposits the entire balance of the node delegator which could conflict with the max limits per deposit defined in EigenLayer.

Impact

NodeDelegator are responsible for managing assets in EigenLayer. The DepositPool has a queue of node delegators, and each of these is in charge of depositing assets into EigenLayer. The core implementation can be seen in depositAssetIntoStrategy():

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/NodeDelegator.sol#L51-L68

51:     function depositAssetIntoStrategy(address asset)
52:         external
53:         override
54:         whenNotPaused
55:         nonReentrant
56:         onlySupportedAsset(asset)
57:         onlyLRTManager
58:     {
59:         address strategy = lrtConfig.assetStrategy(asset);
60:         IERC20 token = IERC20(asset);
61:         address eigenlayerStrategyManagerAddress = lrtConfig.getContract(LRTConstants.EIGEN_STRATEGY_MANAGER);
62: 
63:         uint256 balance = token.balanceOf(address(this));
64: 
65:         emit AssetDepositIntoStrategy(asset, strategy, balance);
66: 
67:         IEigenStrategyManager(eigenlayerStrategyManagerAddress).depositIntoStrategy(IStrategy(strategy), token, balance);
68:     }

As we can see in the previous snippet of code, the implementation simply grabs the entire balance of the given asset present in the contract and tries to deposit it into the corresponding EigenLayer strategy.

This may conflict with EigenLayer preconditions, which impose a max limit per deposit action:

https://github.com/Layr-Labs/eigenlayer-contracts/blob/0139d6213927c0a7812578899ddd3dda58051928/src/contracts/strategies/StrategyBaseTVLLimits.sol#L73-L76

73:     function _beforeDeposit(IERC20 /*token*/, uint256 amount) internal virtual override {
74:         require(amount <= maxPerDeposit, "StrategyBaseTVLLimits: max per deposit exceeded");
75:         require(_tokenBalance() <= maxTotalDeposits, "StrategyBaseTVLLimits: max deposits exceeded");
76:     }

This means that if the current asset balance of the node delegator (token.balanceOf(address(this))) is greater than the defined maxPerDeposit in the corresponding EigenLayer strategy, the deposit action will fail since the manager doesn't have a way to control the volume of the deposit.

Recommendation

Add an amount parameter to depositAssetIntoStrategy() so the manager can define the amount of the asset to be deposited in EigenLayer.

-   function depositAssetIntoStrategy(address asset)
+   function depositAssetIntoStrategy(address asset, uint256 amount)
        external
        override
        whenNotPaused
        nonReentrant
        onlySupportedAsset(asset)
        onlyLRTManager
    {
        address strategy = lrtConfig.assetStrategy(asset);
        IERC20 token = IERC20(asset);
        address eigenlayerStrategyManagerAddress = lrtConfig.getContract(LRTConstants.EIGEN_STRATEGY_MANAGER);

-       uint256 balance = token.balanceOf(address(this));

-       emit AssetDepositIntoStrategy(asset, strategy, balance);
+       emit AssetDepositIntoStrategy(asset, strategy, amount);

-       IEigenStrategyManager(eigenlayerStrategyManagerAddress).depositIntoStrategy(IStrategy(strategy), token, balance);
+       IEigenStrategyManager(eigenlayerStrategyManagerAddress).depositIntoStrategy(IStrategy(strategy), token, amount);
    }