# EigenLayer Contracts - Audit Handbook [TOC] --- ### Scope This review concerns the upcoming M2 mainnet upgrade for EigenLayer and EigenDA. The upgrade is scheduled for end Q1/early Q2, and consists of: * A contract upgrade of our current core contracts from the currently-deployed M1 version to their M2 versions. * Deployment of EigenDA contracts (and offchain infrastructure), which will integrate with the M2 core contracts. We are asking for reviewers to dig through the smart contracts for the m2 mainnet upgrade, as well as analyze the upgrade path from the current mainnet deployment to the target contracts. #### Repositories This upgrade deploys contracts in three repositories: 1. [`eigenlayer-contracts`](https://github.com/layr-Labs/eigenlayer-contracts/) -- [`dev @ 6e58870`](https://github.com/Layr-Labs/eigenlayer-contracts/commit/6e588701c5f543ae4cd34fe9c6567cc46c7eb722) * *What is this?* Our core contract repo, primarily responsible for: * restaking LSTs and beacon chain ETH * deposits/withdrawals of all assets * allowing stakers to delegate to operators (operators run nodes/infra for AVSs) 2. [`eigenlayer-middleware`](https://github.com/Layr-Labs/eigenlayer-middleware/) -- [`dev @ 61d5544`](https://github.com/Layr-Labs/eigenlayer-middleware/commit/61d554403279826fcbc38d421580811e57d29270) * *What is this?* Our AVS contract repo, which AVSs will deploy to allow operators to register and begin providing services. 3. [`eigenda`](https://github.com/Layr-Labs/eigenda) -- [`master @ 91838ba`](https://github.com/Layr-Labs/eigenda/commit/91838ba58b8e2525c7fd1e4db5e9903551eed326) * *What is this?* Our AVS offchain repository - mostly offchain components, but also contains the [`EigenDAServiceManager.sol`](https://github.com/Layr-Labs/eigenda/blob/91838ba58b8e2525c7fd1e4db5e9903551eed326/contracts/src/core/EigenDAServiceManager.sol) contract, which inherits from contracts in the middleware repository. The default branches for each of these contain the contracts we'll be deploying for m2 mainnet. #### Out of Scope * Scripts and test files (though it may be a good idea to look through these to understand how things work!) * Offchain components (most of the EigenDA repo is offchain components!) * Paused functionality on mainnet: lots of current M1 code on mainnet has been paused since deployment, and will not be unpaused. Please check that any mainnet functions you're looking at are unpaused - if they're paused, chances are it's not worth your time! --- ### Current Deployments :::success Quick links to all deployed contracts: * `eigenlayer-contracts`: * [mainnet deployment](https://docs.eigenlayer.xyz/eigenlayer/deployed-contracts/#current-mainnet-deployment) * [goerli deployment](https://docs.eigenlayer.xyz/eigenlayer/deployed-contracts/#current-testnet-deployment) * `eigenlayer-middleware`/`eigenda`: * [goerli deployment](https://docs.eigenlayer.xyz/eigenda/deployed-contracts#current-testnet-deployment) ::: #### Core Contracts The M1 version of the core repo has been live on mainnet for several months. The mainnet deployment is a much older version of the `eigenlayer-contracts` repo - and, crucially, a large number of contract methods have been permanently paused on mainnet. :::danger When analyzing the M1->M2 upgrade path, PLEASE check if the M1 function you're looking at is paused on mainnet. If it is, it has been paused since deployment and we'll likely consider issues with upgrading that concern this function to be out of scope. ::: The following **M1 mainnet contracts** have some or all functionality paused: * [`Slasher`](https://etherscan.io/address/0xD92145c07f8Ed1D392c1B88017934E301CC1c3Cd): all methods are paused; this contract does nothing on M1 mainnet and any calls to this contract do nothing. * Note, this won't change for M2 mainnet. The Slasher will remain non-functional until a future upgrade. This is the only contract that will remain unusable - all other contracts will be active/unpaused as of the M2 upgrade. * [`DelegationManager`](https://etherscan.io/address/0x39053D51B77DC0d36036Fc1fCc8Cb819df8Ef37A): all methods are paused; this contract does nothing on M1 mainnet and any calls to this contract are no-ops. * [`EigenPodManager`](https://etherscan.io/address/0x91E677b07F7AF907ec9a428aafA9fc14a0d3A338) has several pause flags set: * `PAUSED_WITHDRAW_RESTAKED_ETH` * Prevents calls to `withdrawRestakedBeaconChainETH`, which is called from the `StrategyManager`. It is not possible to withdraw native eth via the `StrategyManager`. * `PAUSED_EIGENPODS_VERIFY_CREDENTIALS` * Prevents calls to `EigenPod.verifyWithdrawalCredentialsAndBalance`. Beacon chain proofs are not active on m1 mainnet. * `PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED` * Prevents calls to `EigenPod.verifyWithdrawalCredentialsAndBalance`. Beacon chain proofs are not active on m1 mainnet. * `PAUSED_EIGENPODS_VERIFY_WITHDRAWAL` * Prevents calls to `EigenPod.verifyAndProcessWithdrawal`. Beacon chain proofs are not active on m1 mainnet. #### Middleware/EigenDA Contracts As an AVS, EigenDA has a testnet deployment of its own, unmodified copy of the middleware contracts, along with an `EigenDAServiceManager` contract. EigenDA has no mainnet deployment. --- ### Documentation :::success Quick links: * [Core technical documentation](https://github.com/Layr-Labs/eigenlayer-contracts/tree/dev/docs) * [Middleware technical documentation](https://github.com/Layr-Labs/eigenlayer-middleware/tree/dev/docs) ::: The main READMEs for the core and middleware repos should be good pointers to some helpful resources. The documentation linked above is our most up-to-date contract-level resource. For the core repo specifically, the technical docs also contain a number of [user flow diagrams](https://github.com/Layr-Labs/eigenlayer-contracts/tree/dev/docs#common-user-flows) that should be helpful in understanding how users interact with our contracts. If you're interested in understanding more about our user flows, both the core and middleware repo integration tests are worth looking into: * [Core integration tests](https://github.com/Layr-Labs/eigenlayer-contracts/tree/dev/src/test/integration) * [Middleware integration tests](https://github.com/Layr-Labs/eigenlayer-middleware/tree/dev/test/integration) #### Audit Reports Links to our two latest audit reports: * [Sigma Prime - Core Contracts - Feb'24](https://github.com/Layr-Labs/eigenlayer-contracts/blob/dev/audits/Sigma%20Prime%20-%20Core%20Audit%20-%20v2.0%20FINAL%20-%20Feb'24.pdf) * [Dedaub - Middleware/EigenDA - Feb'24](https://github.com/Layr-Labs/eigenlayer-middleware/blob/dev/audits/Dedaub%20-%20Middleware%20Audit%20-%20Final%20-%20Feb'24.pdf) --- ### Concerns - Core Contracts ##### DelegationManager Issues with withdrawal processing and completion that: * Causes missing or extra shares (or delegated shares) * Causes shares to be delegated to multiple operators at the same time Specific things to look at: * Withdrawing as shares vs as tokens * Withdrawing LSTs vs native ETH vs both * Withdrawing with vs without a separate "withdrawer" address ##### EigenPod/EigenPodManager Issues with proof system, state machine, or multi-validator accounting that: * Causes funds to get stuck * Allows anyone to submit invalid proofs * Allows anyone to prove something more than once Specific things to look at: * Multiple validators within the same EigenPod * Validators that update their withdrawal credentials to an EigenPod (BLS key update on beacon chain), rather than deploying a new EigenPod * Balance update proofs and slashed beacon chain validators ##### StrategyManager Issues with LSTs: * Strategy accounting or deposit/withdrawal handling * Weird ERC20 behaviors bleeding into other parts of the system * Upgradable LST token affording significant access if leveraged by third party devs