Summary

Withdrawing from Reth pool can be blocked, because when someone deposits to rocket pool, than it is allowed to withdraw(burn) only after some amount of blocks have passed. This will block unstake.

Vulnerability Details

To unstake from rocket pool, BridgeReth.unstake function is called.

This function simply, burns its rocket token and sends native amount to user.

The problem is that inside rocket pool RocketTokenRETH contract, when burn function will be called, then _beforeTokenTransfer function will be called.
As you can see, this function checks, when last deposit of from account occured. And then it checks, that some amount of blocks already passed since last deposit. Otherwise it will revert and will not allow to burn tokens.

So every time, when BridgeReth contract deposits to rocket pool, then lastDepositBlock is updated for it and then withdrawals are blocked for depositDelay amount of blocks. As result, users can't withdraw from this bridge.

Looks like currently, there is no delay inside rocket pool, but can be set in future, which will block unstaking after any deposit.

This is original issue.

Impact

Unstaking from rocket may not work.

Tools Used

VsCode

Recommendations

Consider another options to get rEth, like uniswap.