🔎
Analysis of oDAO Duties
  • Intro
  • Overview of Duties
    • ETH Balance Submission
    • MEV Penalties
    • Contract Upgrades
    • Scrub Check - Withrawal Credentials
    • Reward Tree - RPL Rewards
    • RPL Price Submisson
    • oDAO Settings
    • Reward Tree - Smoothing Pool
    • Scrub Check - Solo Migration
    • Scrub Check - LEB8 Migration
    • [TODO] pDAO/Guardian
  • Verifiable Off-Chain Calculations
  • Guardrails - Balance Submission
  • Guardrails - MEV Penalties
  • Fraud Proof Scrubs
  • MEV Stealing Proofs
  • MEV - Negative BC Commission
  • Fraud Proof Challenge Period
Powered by GitBook
On this page
  1. Overview of Duties

Scrub Check - Withrawal Credentials

PreviousContract UpgradesNextReward Tree - RPL Rewards

Last updated 2 years ago

In October 2021, a around the interaction with the deposit contract was discovered. In short, it was possible for a node operator to set withdrawal credentials other than the intended minipool smart contract and effectively steal the portion coming from rETH by frontrunning the deposit to the deposit contract.

Rocket Pool this issue by doing two separate deposits into the deposit contract. The first one uses ETH coming from the node operator. A scrub period was introduced before the second deposit. During that period, the oDAO verifies that the first deposit happened as expected and nobody frontran it. If at least 51% of members vote to scrub a minipool, that minipool is dissolved and ETH from the rETH side is returned. A RPL penalty for the node operator is currently deactivated.

This duty introduces a high level of trust for rETH holders since a compromised oDAO would be able to execute the withdrawal credential exploit.

vulnerability
addressed