
Mellow DVT Vault boost scope

Summary for Mellow LRT Contracts and Integration with the Lido Protocol

Overview

With Mellow LRT, users can stake their LST tokens (or ether that is converted to LST) in a set of vaults, each implementing a different reward-seeking strategy. The vaults are largely focused on various restaking protocols and AVSs, with an ongoing genesis case representing LRTs built on top of wstETH bond collateral in Symbiotic. The upcoming Decentralized Validator Vault (DVV), however, implements a separate strategy that is not connected with restaking per se.

DVV integration with the Lido on Ethereum protocol

As part of the integration with the Lido protocol, there is a set of contracts (StakingModule.sol and DefaultObolStakingStrategy.sol) designed to work with the Lido Simple DVT Module (operators.lido.fi).

This allows ETH from the DVV to be staked into Obol's and SSV's validator sets via the SimpleDVT staking module through the StakingRouter, and then (once the corresponding strategies are plugged into the vault, sic!) restaked according to a chosen strategy.

Configuration and Setup

Given that the architecture of Mellow Vaults is designed for universal application and has a complex configuration system, it is crucial to approach the initial setup with great care.

The flow and particular configuration parameters are defined in DVV specification.

Focus

While revealing vulnerabilities in the generalized setup has unquestionable importance, the main focus should be on the areas defined by the DVV configuration parameters and their corresponding integrations with Lido.

Two scenarios should be considered explicitly:

  • When the DVV is deployed and used together with the Lido protocol's SimpleDVT module without restaking, but with a modified off-chain deposit bot that sends transactions via a private mempool to give SimpleDVT priority and reduce the probability of withdrawal demand pressure; see also this issue
  • When the DVV is later upgraded by appending restaking strategies for Symbiotic on top (plugging in the DefaultBondModule, DefaultBondTvlModule and DefaultBondStrategy contracts, similar to the existing deployments for Steakhouse, Re7, Mev Capital and P2P)

Therefore, the scope should include the Lido protocol contracts with which the Vault interacts, specifically in the context of logical and flow interconnections.

The impact of any potential security incident should be isolated between the vault and the Lido protocol, so that an incident on one side cannot propagate to the other.

Deployed Contracts

Included in the Vault and Lido integration setup (nSLOC: 1281):

Address                                     Contract                                        nSLOC
0x5E362eb2c0706Bd1d134689eC75176018385430B  ./src/Vault.sol                                   454
0xDee41701310f48744e6Bb4A5df6B5e714cE49133  ./src/VaultConfigurator.sol                       365
-                                           ./src/modules/DefaultModule.sol                    13
0x2c73350310C2b8c721d8192bd7620D1DCB1219ce  ./src/modules/erc20/ERC20TvlModule.sol             15
0xD570E16E3B62F05EcF3ff2706D331B7f56453adA  ./src/modules/obol/StakingModule.sol               77
0x39D5F9aEbBEcba99ED5d707b11d790387B5acB63  ./src/oracles/ChainlinkOracle.sol                  65
0x278798AE6ea76ae75b381eA0D8DF140C1D5a7712  ./src/oracles/ConstantAggregatorV3.sol             12
0xFeAFe509fae65962EF81555E3f078D58aF7ca3e9  ./src/oracles/ManagedRatiosOracle.sol              30
0x966a3b1c9d477D113630290F037b12349649d1bd  ./src/oracles/WStethRatiosAggregatorV3.sol         16
0xB8eF363E1909665c18BF0CB72Cba9a8152413A2E  ./src/security/DefaultProxyImplementation.sol      12
0x969A0c7699ad0AC38fE05117c81D662762443E07  ./src/security/Initializer.sol                     25
0x078b1C03d14652bfeeDFadf7985fdf2D8a2e8108  ./src/strategies/SimpleDVTStakingStrategy.sol      57
-                                           ./src/utils/DefaultAccessControl.sol               44
0xA1b3a352c3fC7cfcBD36381CC2D0b157d6843473  ./src/validators/ManagedValidator.sol              96

Total nSLOC: 1281

External dependencies (not in the scope)

Lido Contracts (nSLOC: ~2.5k)

Deployed addresses

https://docs.lido.fi/deployed-contracts/

Docs

Mellow contracts deployed addresses

https://www.notion.so/mellowprotocol/Decentralized-Validator-Vault-a1ab952ae0a6499dbedfc45278aba5c5?pvs=4#d83deaf5857c4a319aa7d3b6cdfe6aaa

Mellow vault

docs & specs: https://mellowprotocol.notion.site/Obol-Vault-a1ab952ae0a6499dbedfc45278aba5c5

repo: https://github.com/mellow-finance/mellow-lrt/tree/features/obol-vault

commit hash: 1c885ad9a2964ca88ad3e59c3a7411fc0059aa34

deploy script: https://github.com/mellow-finance/mellow-lrt/blob/features/obol-vault/scripts/obol/Deploy.s.sol#L35

tests: https://github.com/mellow-finance/mellow-lrt/tree/features/obol-vault/tests/obol

Existing audits for Mellow DVT Vault

TBD