feat: slashing audit fixes #1046
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ypatil12
force-pushed
the
slashing-magnitudes
branch
from
7a6f8a6 to
fbe5ee2
Compare
ypatil12
force-pushed
the
slashing-magnitudes-fixes
branch
2 times, most recently
from
5c30eb1 to
fc59c50
Compare
ypatil12
force-pushed
the
slashing-magnitudes-fixes
branch
2 times, most recently
from
011af97 to
fb84edf
Compare
* Validate that users who are slashed fully can redeposit once undelegated * removing arraylib use * test for updating eigenpod state -> slash/undelegate * removing unnecessary logging function * fixing strategy set * beacon chain tests in progress --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local>
* fix: fixing 0 withdrawal issues * style: white space * docs: changing description for test --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local>
* Slashing integration tests (#1003) * Validate that users who are slashed fully can redeposit once undelegated * removing arraylib use * test for updating eigenpod state -> slash/undelegate * removing unnecessary logging function * fixing strategy set * beacon chain tests in progress --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local> * Revert "Slashing integration tests (#1003)" (#1007) This reverts commit e945d8d. * integration tests for full eigenlayer slashes * comment re: beacon chain eth partial deposits * fix: fixing 0 withdrawal issues (#1019) * fix: fixing 0 withdrawal issues * style: white space * docs: changing description for test --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local> * test: withdraw as shares for random subset of strategies fully slashed * style: removing debugging stubs and updating comment --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local>
…#1031) * refactor(test): clean up random config and upgrade tests * test: move test to upgrade tests
* test: improve integration invariants * also removes unneeded fork logic * adds checks to some invariants * fixes some broken tests * test(integration): enable shared setups
* fix: remove token param from Deposit event and related APIs * fix: forge fmt * fix: rebase * fix: update EigenPodManager and test * fix: update tests * fix: update eigenpodmanager tests * fix: update StrategyManagerMock * feat: add bindings * fix: update docs
* feat: better introspection for encumbered magnitude * chore: bindings * chore: fix comment and make bindings
* chore: remove unused helper * chore: bindings
* feat: changing burnableShares to EnumerableMap * style: linter * docs: storage docs * style: natspec and import * style: lint * feat: adding view function for cronjob and moving functions * fix: updating storage gap * docs: storage slots comment * feat: new bindings * docs: updating StrategyManager doc * docs: bindings --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local>
…1037) * chore: add view functions for isOperatorSlashable * feat: add `getAllocatedStake` func * test: getAllocatedStake * test: add getMinimumSlashableStake tests * chore: format * chore: fmt interface * chore: remove unnecessary test * chore: update comment * chore: bindings --------- Co-authored-by: Yash Patil <40046473+ypatil12@users.noreply.github.com>
…1042) * chore: fix forge nightly release breaking two tests * test: fix outdated alm tests
* fix: overflow bug for pendingDiff input * test: add check to regression test --------- Co-authored-by: wadealexc <pragma-services@proton.me>
* test: regression tests showing invalid state * fix: require check and update tests
* fix: ep negative shares bug * fix: comments * test: add integration tests for neg shares * chore: remove logs * chore: use already calculated delta * chore: use stable foundry release in CI
…rator (#1051) * feat: add OperatorSharesSlashed event to track shares slashed per operator * feat: add unit tests * fix: add more tests
* feat: add `getSharesFromQueuedWithdrawal` * test: passing * refactor(review): improve natspec * refactor(review): maintain original interface * test(review): add unit tests * refactor(review): test empty * refactor(review): test empty * refactor(review): remove returned `Withdrawal` * fix: use operator from `Withdrawal` * test: use operator from `Withdrawal` * chore: forge fmt
* docs: slashing factors rounding * chore: forge fmt
* docs: small slash amounts * docs: update contract docs --------- Co-authored-by: wadealexc <pragma-services@proton.me>
**Motivation:** Fixes an issue where stakers delegating Beacon Chain ETH from slashed Eigen Pods were able to delegate more shares than they should. Specifically, operators now are delegated a staker's `withdrawableShares` rather than their `depositShares`. **Modifications:** - Changed accounting logic on delegation in `DelegationManger.sol` - `DepositScalingFactor` now resets when a staker withdraws all their shares, whether through undelegation, redelegation, or a simple withdrawal - Changes in `StrategyManager.sol`, `IShareManager.sol`, `SlashingLib.sol`, and `EigenPodManager.sol` to accommodate new accounting - New test files and changes to others to reflect new accounting and invariants - Updated `docs/SharesAccounting.md` **Result:** System is now robust to stakers with arbitrary EigenPod states --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local> Co-authored-by: Michael Sun <michaelsun97@gmail.com> Co-authored-by: wadealexc <pragma-services@proton.me> Co-authored-by: Yash Patil <40046473+ypatil12@users.noreply.github.com> Co-authored-by: clandestine.eth <96172957+0xClandestine@users.noreply.github.com>
**Motivation:** Audit report flagged that function selector-based permissions may break on upgrades. This PR documents the limitation and its implications while improving NatSpec for clarity. (EGSL-15) **Modifications:** - Documented function selector upgrade invalidations. - Improved NatSpec comments in `IPermissionController`. **Result:** Clearer documentation on function selector limitations and enhanced NatSpec for better code clarity.
- *Dynamic Domain Separator:* `SignatureUtils.domainSeparator()` is now recomputed for each signature verification. This eliminates the need for storing initial values in storage or as immutables, which is important for beacon proxy support. - ~*Version Bump Command:* Introduced `make bump-version VERSION=2`, which automatically updates the version function's return values.~ - *Version Fn + Constructor Param:* Adds an immutable oz `ShortString` that's set in the constructor.
**Motivation:** Concerns about reentrancy in the DelegationManager and interactions of completed withdrawals which can call untrusted ERC20 transfers **Modifications:** Added reentrant guards across external functions **Result:** Preventing cross-function reentrancy in the DelegationManager --------- Co-authored-by: wadealexc <pragma-services@proton.me>
**Motivation:** Fixes an issue arbitrary external contracts could be called via `StrategyManager.burnShares`. (Certora L-04) **Modifications:** `StrategyManager.burnShares` does not do an external call if the burnable share amount is zero **Result:** Should no longer be possible to call untrusted code directly through `burnShares`
**Motivation:** Document edge cases around BC/AVS Slashing. **Modifications:** Update docs with justification. **Result:** Clear edge case callouts.
require avs register metadata in allocation manager before they can create operatorset --------- Co-authored-by: clandestine.eth <96172957+0xClandestine@users.noreply.github.com>
**Motivation:** Current fn only returns scaled shares, which leads integrators to making two calls. This is expensive in terms of gas. **Modifications:** - `getSharesFromQueuedWithdrawal` has been renamed to `getQueuedWithdrawalFromRoot` and now also returns `Withdrawal` struct. **Result:** Integrators can fetch both in a single call.
**Motivation:** Improve slashing invariants in integration tests **Modifications:** Adds `check_Base_Slashing_State`, and implements several checks used within **Result:** Slashing invariants check all manner of state changes in the ALM and delegation. --------- Co-authored-by: Michael <michael@Michaels-MacBook-Pro.local>
**Motivation:** Naming between the `getQueuedWIthdrawal` aliases was inconsistent. **Modifications:** - ~made `queuedWithdrawals[withdrawalRoot]` mapping public.~ - renamed `queuedWithdrawals` -> `_queuedWithdrawals`. - added `_queuedWithdrawals` getter - removed previous `getQueuedWithdrawal` alias. - renamed `getQueuedWithdrawalFromRoot` to `getQueuedWithdrawal`. **Result:** Consistent function naming. --------- Co-authored-by: Yash Patil <40046473+ypatil12@users.noreply.github.com>
**Modifications:** Add finalized audit reports to /audits folder
ypatil12
force-pushed
the
slashing-magnitudes-fixes
branch
from
fb84edf to
44487a0
Compare
0xClandestine
approved these changes
Feb 21, 2025
8sunyuan
reviewed
Feb 21, 2025
8sunyuan
reviewed
Feb 21, 2025
8sunyuan
reviewed
Feb 21, 2025
8sunyuan
approved these changes
Feb 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
Fixes for issues discovered during Sigma Prime / Certora audits.
Modifications:
Here are the key PRs to look at, sorted by domain:
Bug Fixes:
Feature Changes:
Events and View Method Changes:
getAllocatedStakeand updategetMinimumSlashableStake#1037getSharesFromQueuedWithdrawal#1078getSharesForQueuedWithdrawal#1130getQueuedWithdrawalalias #1133Documentation: