DittoETH

Summary

RocketPool’s rETH token has a built in hook called _beforeTokenTransfer that's called in the transfer function which can restrict transferring to only when the depositDelay value has been met, this can be set by the DAO governing the RocketPool protocol and previously this value had been set to 5760 blocks (~19hrs). Any call to rETH's stake function resets the lastDepositBlock which is compared to depositDelay and determines when the user can withdraw, so if the depositEth function is being frequently called in BridgeRouterFacet this prevents users from removing their rETH from the system because lastDepositBlock will never be greater than depositDelay.

Vulnerability Details

Currently the _beforeTokenTransfer has no depositDelay set, but this could be changed by a governance vote by the RocketPool DAO. If the system expects to have high throughput with users calling depositEth frequently, this would subsequently reset the time for other users to withdraw each time and would prevent any rETH holders from exiting the system because this effects all transfers, not just calls to transfer directly, as calls to the BridgeRouterFacet::unstakeEth also call transfer on the rETH token when burning.

There is also the potential for an attacker to intentionally DOS rETH depositors by continuously depositing the minimum amount of ETH within a 19 hour window (if the depositDelay were set to 5760 blocks again), so that calls to withdraw or unstakeEth always revert.

This makes the ability to withdraw a potentially large fraction (given that stETH is the only other currently supported LST) of the collateral in the system dependent on future implementation decisions of a the RocketPool protocol, making the two tightly coupled.

This is similar to the issue identified here: https://solodit.xyz/issues/m-08-possible-dos-on-unstake-code4rena-asymmetry-finance-asymmetry-contest-git

Impact

User's can be DOS'd from withdrawing rETH from the system.

Tools Used

Manual Review

Recommendations

The Uniswap ETH/rETH pool could allow users to obtain rETH by swapping for it instead of directly staking in the protocol which prevents any potential future issues with depositDelay being set. This could be coupled with a circuit-breaker that only falls back to the Uniswap pool if the depositDelay value is set so that while it's not set users get a better price and are only subject to the slippage of the Uniswap pool if it's necessary to allow withdrawals.