Trail of Bits

RocketPool

Type: Security review

Client: Rocket Pool

Date: 2021-08

Domain: Blockchain

Effort: 5 wks

Section: Ethereum/EVM

Trail of Bits's security review of Rocket Pool (Aug 2021) identified 8 issues: 5 high and 3 informational.

Findings · 8

  1. Any network contract can change any node’s withdrawal address (High)
  2. Current storage pattern fails to ensure type safety (High)
  3. Solidity compiler optimizations can be problematic (Informational)
  4. Upgradeable contracts can block minipool withdrawals (High)
  5. Lack of contract existence check on delegatecall will result in unexpected behavior (High)
  6. tx.origin in RocketStorage authentication may be an attack vector (High)
  7. Duplicated storage-slot computation can silently introduce errors (Informational)
  8. Potential collisions between eternal storage and Solidity mapping storage slots (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
