Renzo Mitigation Review
A protocol that abstracts all staking complexity from the end-user and enables easy collaboration with EigenLayer node operators and a Validated Services (AVSs).
- Start date3 Jun 2024
- End date7 Jun 2024
- Total awards$29,000 in USDC
- Duration4 days
- Details
Renzo Mitigation Review
- Total Prize Pool: $32,500 in USDC
- HM awards: $29,000 in USDC
- Judge awards: $3,500 in USDC
- Warden guidelines for C4 mitigation reviews
- Submit findings using the C4 form
- Starts June 3, 2024 20:00 UTC
- Ends June 7, 2024 20:00 UTC
Important note
Each warden must submit a mitigation review for every individual PR listed in the Scope section below. Incomplete mitigation reviews will not be eligible for awards.
Findings being mitigated
Mitigations of all High and Medium issues will be considered in-scope and listed here.
High Findings
- H-01: Withdrawals can be locked forever if recipient is a contract
- H-02: Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate
- H-03: ETH withdrawals from EigenLayer always fail due to OperatorDelegator's nonReentrant receive()
- H-04: Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps
- H-07: DOS of completeQueuedWithdrawal when ERC20 buffer is filled
- H-08: Incorrect withdraw queue balance in TVL calculation
Medium Findings
- M-02: Withdrawals and Claims are meant to be pausable, but it is not possible in practice
- M-09: Deposits will always revert if the amount being deposited is less than the bufferToFill value
- M-12: Incorrect exchange rate provided to Balancer pools
Scope
Branch
https://github.com/Renzo-Protocol/Contracts
Mitigation of High & Medium Severity Issues
Out of Scope
Any findings that were acknowledged, disputed or in QA reports from the past audit.
- H-05: Withdrawals of rebasing tokens can lead to insolvency and unfair distribution of protocol reserves
- H-06: The amount of xezETH in circulation will not represent the amount of ezETH tokens 1:1
- M-01: Withdrawals can fail due to deposits reverting in completeQueuedWithdrawal()
- M-03: Fixed hearbeat used for price validation is too stale for some tokens
- M-04: Price updating mechanism can break
- M-05: calculateTVL may run out of gas for modest number of operators and tokens breaking deposits, withdrawals, and trades
- M-06: L1::xRenzoBridge and L2::xRenzoBridge uses the block.timestamp as dependency, which can cause issue.
- M-07: Lack of slippage and deadline during withdraw and deposit
- M-08: Not handling the failure of cross chain messaging
- M-10: Potential Arbitrage Opportunity in the xRenzoDeposit L2 contract
- M-11: Fetched price from the oracle is not stored in xRenzoDeposit
- M-13: Pending withdrawals prevent safe removal of collateral assets
- M-14: stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage