Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StrategyBase.explanation() cannot be overridden to intended mutability #453

Open
code423n4 opened this issue May 4, 2023 · 10 comments
Open

StrategyBase.explanation() cannot be overridden to intended mutability #453

code423n4 opened this issue May 4, 2023 · 10 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a primary issue Highest quality submission among a set of duplicates Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-04-eigenlayer/blob/5e4872358cd2bda1936c29f460ece2308af4def6/src/contracts/strategies/StrategyBase.sol#L158-L164

Vulnerability details

Impact

An implementation of explanation(), as inherited from StrategyBase.sol, cannot (possibly contrary to intentions) make state modifications. This implies that StrategyBase.sol may become useless as the intended base contract to inherit from.

Proof of Concept

StrategyBase.sol "is designed to be inherited by more complex strategies, which can then override its functions as necessary".
Its function explanation() is declared as pure:

/**
* @notice Currently returns a brief string explaining the strategy's goal & purpose, but for more complex
* strategies, may be a link to metadata that explains in more detail.
*/
function explanation() external pure virtual override returns (string memory) {
    return "Base Strategy implementation to inherit from for more complex implementations";
}

This means that any inheriting contract overriding this function also must be pure. However, an implementation might need a mutability of at least view. This is suggested by it's being declared view in IStrategy.sol. For example, the explanation of the strategy might want to incorporate the value of some variable in the strategy, rather than just being an immutable string.

There is a similar issue with sharesToUnderlying() and underlyingToShares(), both reported separately.

Recommended Mitigation Steps

Declare explanation() as the default nonpayable.

- function explanation() external pure virtual override returns (string memory) {
+ function explanation() external view virtual override returns (string memory) {

Assessed type

Context
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels May 4, 2023
code423n4 added a commit that referenced this issue May 4, 2023
@code423n4
d3e4 issue #453
5cd74ca
@c4-pre-sort
Copy link

0xSorryNotSorry marked the issue as primary issue

@c4-pre-sort c4-pre-sort added the primary issue Highest quality submission among a set of duplicates label May 9, 2023
@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label May 12, 2023
@c4-sponsor
Copy link

Sidu28 marked the issue as sponsor disputed

@Sidu28
Copy link

Sidu28 commented May 12, 2023

This was already reported in the Consensys Diligence audit that is linked in the contest's README: https://consensys.net/diligence/audits/2023/03/eigenlabs-eigenlayer/#strategybase--inheritance-related-issues

@GalloDaSballo
Copy link

Would be a Refactoring at best, closing as Known

@c4-judge
Copy link
Contributor

GalloDaSballo marked the issue as unsatisfactory:
Out of scope

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label May 25, 2023
@d3e4
Copy link

d3e4 commented Jun 4, 2023

This was already reported in the Consensys Diligence audit that is linked in the contest's README: https://consensys.net/diligence/audits/2023/03/eigenlabs-eigenlayer/#strategybase--inheritance-related-issues

explanation() was not reported in the Consensys Diligence audit; only sharesToUnderlying() and underlyingToShares() were.

@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Jun 6, 2023
@c4-judge
Copy link
Contributor

c4-judge commented Jun 6, 2023

GalloDaSballo changed the severity to QA (Quality Assurance)

@GalloDaSballo
Copy link

Low

@c4-judge c4-judge reopened this Jun 8, 2023
@c4-judge
Copy link
Contributor

c4-judge commented Jun 8, 2023

GalloDaSballo marked the issue as grade-a

@c4-judge c4-judge added grade-a and removed unsatisfactory does not satisfy C4 submission criteria; not eligible for awards labels Jun 8, 2023
@GalloDaSballo
Copy link

After awaring the 2 QAs and the other finding, am raising to A for the high quality descriptions

@C4-Staff C4-Staff added the Q-02 label Jun 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a primary issue Highest quality submission among a set of duplicates Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@GalloDaSballo @Sidu28 @code423n4 @c4-judge @c4-sponsor @c4-pre-sort @d3e4 @C4-Staff