[M-01] + [M-02] + [M-04] + [I-03] + [I-05] audit fixes

Author: solipsis

src/EtherFiNode.sol

@@ -1,16 +1,19 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.27;
 
+import {IEtherFiNode} from "../src/interfaces/IEtherFiNode.sol";
+import {IEtherFiNodesManager} from "../src/interfaces/IEtherFiNodesManager.sol";
+import {IRoleRegistry} from "../src/interfaces/IRoleRegistry.sol";
+import {ILiquidityPool} from "../src/interfaces/ILiquidityPool.sol";
+
 import {IDelegationManager} from "../src/eigenlayer-interfaces/IDelegationManager.sol";
+import {IDelegationManagerTypes} from "../src/eigenlayer-interfaces/IDelegationManager.sol";
 import {IEigenPodManager} from "../src/eigenlayer-interfaces/IEigenPodManager.sol";
 import {IEigenPod} from "../src/eigenlayer-interfaces/IEigenPod.sol";
+import {IStrategy} from "../src/eigenlayer-interfaces/IStrategy.sol";
 import {BeaconChainProofs} from "../src/eigenlayer-libraries/BeaconChainProofs.sol";
-import {IERC20} from "../lib/openzeppelin-contracts/contracts/interfaces/IERC20.sol";
 
-import {IEtherFiNode} from "../src/interfaces/IEtherFiNode.sol";
-import {IEtherFiNodesManager} from "../src/interfaces/IEtherFiNodesManager.sol";
-import {IRoleRegistry} from "../src/interfaces/IRoleRegistry.sol";
-import {ILiquidityPool} from "../src/interfaces/ILiquidityPool.sol";
+import {IERC20} from "../lib/openzeppelin-contracts/contracts/interfaces/IERC20.sol";
 import {LibCall} from "../lib/solady/src/utils/LibCall.sol";
 
 contract EtherFiNode is IEtherFiNode {
@@ -48,6 +51,8 @@ contract EtherFiNode is IEtherFiNode {
         roleRegistry = IRoleRegistry(_roleRegistry);
     }
 
+    fallback() external payable {}
+
     //--------------------------------------------------------------------------------------
     //---------------------------- Eigenlayer Interactions  --------------------------------
     //--------------------------------------------------------------------------------------
@@ -80,32 +85,42 @@ contract EtherFiNode is IEtherFiNode {
         getEigenPod().verifyCheckpointProofs(balanceContainerProof, proofs);
     }
 
-
-    /// @dev queue a withdrawal from eigenlayer. You must wait EIGENLAYER_WITHDRAWAL_DELAY_BLOCKS before claiming.
+    /// @dev convenience function to queue a beaconETH withdrawal from eigenlayer. You must wait EIGENLAYER_WITHDRAWAL_DELAY_BLOCKS before claiming.
     ///   It is fine to queue a withdrawal before validators have finished exiting on the beacon chain.
-    function queueWithdrawal(IDelegationManager.QueuedWithdrawalParams calldata params) external onlyAdmin returns (bytes32 withdrawalRoot) {
+    function queueETHWithdrawal(uint256 amount) external onlyAdmin returns (bytes32 withdrawalRoot) {
+
+        // beacon eth is always 1 to 1 with deposit shares
+        uint256[] memory depositShares = new uint256[](1);
+        depositShares[0] = amount;
+        IStrategy[] memory strategies = new IStrategy[](1);
+        strategies[0] = IStrategy(address(0xbeaC0eeEeeeeEEeEeEEEEeeEEeEeeeEeeEEBEaC0));
+
+        IDelegationManagerTypes.QueuedWithdrawalParams[] memory paramsArray = new IDelegationManagerTypes.QueuedWithdrawalParams[](1);
+        paramsArray[0] = IDelegationManagerTypes.QueuedWithdrawalParams({
+            strategies: strategies, // beacon eth
+            depositShares: depositShares,
+            __deprecated_withdrawer: address(this)
+        });
 
-        // Implemented this way for convenience because we almost never queue multiple withdrawals at the same time
-        IDelegationManager.QueuedWithdrawalParams[] memory paramsArray = new IDelegationManager.QueuedWithdrawalParams[](1);
-        paramsArray[0] = params;
         return delegationManager.queueWithdrawals(paramsArray)[0];
     }
 
-    /// @dev completes all queued withdrawals that are currently claimable.
+
+    /// @dev completes all queued beaconETH withdrawals that are currently claimable.
     ///   Note that since the node is usually delegated to an operator,
     ///   most of the time this should be called with "receiveAsTokens" = true because
     ///   receiving shares while delegated will simply redelegate the shares.
-    function completeQueuedWithdrawals(bool receiveAsTokens) external onlyAdmin {
+    function completeQueuedETHWithdrawals(bool receiveAsTokens) external onlyAdmin {
 
         // because we are just dealing with beacon eth we don't need to populate the tokens[] array
-        IERC20[] memory tokens;
+        IERC20[] memory tokens = new IERC20[](1);
 
         (IDelegationManager.Withdrawal[] memory queuedWithdrawals, ) = delegationManager.getQueuedWithdrawals(address(this));
         for (uint256 i = 0; i < queuedWithdrawals.length; i++) {
 
             // skip this withdrawal if not enough time has passed
             uint32 slashableUntil = queuedWithdrawals[i].startBlock + EIGENLAYER_WITHDRAWAL_DELAY_BLOCKS;
-            if (uint32(block.number) > slashableUntil) continue;
+            if (uint32(block.number) < slashableUntil) continue;
 
             delegationManager.completeQueuedWithdrawal(queuedWithdrawals[i], tokens, receiveAsTokens);
         }
@@ -117,9 +132,26 @@ contract EtherFiNode is IEtherFiNode {
         }
     }
 
+    /// @dev queue a withdrawal from eigenlayer. You must wait EIGENLAYER_WITHDRAWAL_DELAY_BLOCKS before claiming.
+    ///   For the general case of queuing a beaconETH withdrawal you can use queueETHWithdrawal instead.
+    function queueWithdrawals(IDelegationManager.QueuedWithdrawalParams[] calldata params) external onlyAdmin returns (bytes32[] memory withdrawalRoots) {
+        return delegationManager.queueWithdrawals(params);
+    }
+
+    /// @dev complete an arbitrary withdrawal from eigenlayer.
+    ///   For the general case of claiming beaconETH withdrawals you can use completeQueuedETHWithdrawals instead.
+    function completeQueuedWithdrawals(
+        IDelegationManager.Withdrawal[] calldata withdrawals,
+        IERC20[][] calldata tokens,
+        bool[] calldata receiveAsTokens
+    ) external onlyAdmin {
+        delegationManager.completeQueuedWithdrawals(withdrawals, tokens, receiveAsTokens);
+    }
+
+
     // @notice transfers any funds held by the node to the liquidity pool.
     // @dev under normal operations it is not expected for eth to accumulate in the nodes,
-    //      this is just to handle any exceptional cases such as someone sending directly to the node.
+    //    this is just to handle any exceptional cases such as someone sending directly to the node.
     function sweepFunds() external onlyAdmin {
             (bool sent, ) = payable(address(liquidityPool)).call{value: address(this).balance, gas: 20000}("");
             if (!sent) revert TransferFailed();

src/EtherFiNodesManager.sol

@@ -91,12 +91,24 @@ contract EtherFiNodesManager is
         IEtherFiNode(etherfiNodeAddress(id)).setProofSubmitter(proofSubmitter);
     }
 
-    function queueWithdrawal(uint256 id, IDelegationManager.QueuedWithdrawalParams calldata params) external onlyCallForwarder returns (bytes32 withdrawalRoot) {
-        return IEtherFiNode(etherfiNodeAddress(id)).queueWithdrawal(params);
+    function queueETHWithdrawal(uint256 id, uint256 amount) external onlyCallForwarder returns (bytes32 withdrawalRoot) {
+        return IEtherFiNode(etherfiNodeAddress(id)).queueETHWithdrawal(amount);
     }
 
-    function completeQueuedWithdrawals(uint256 id, bool receiveAsTokens) external onlyCallForwarder {
-        IEtherFiNode(etherfiNodeAddress(id)).completeQueuedWithdrawals(receiveAsTokens);
+    function completeQueuedETHWithdrawals(uint256 id, bool receiveAsTokens) external onlyCallForwarder {
+        IEtherFiNode(etherfiNodeAddress(id)).completeQueuedETHWithdrawals(receiveAsTokens);
+    }
+
+    function queueWithdrawals(uint256 id, IDelegationManager.QueuedWithdrawalParams[] calldata params) external onlyCallForwarder {
+        IEtherFiNode(etherfiNodeAddress(id)).queueWithdrawals(params);
+    }
+
+    function completeQueuedWithdrawal(uint256 id, IDelegationManager.Withdrawal[] calldata withdrawals, IERC20[][] calldata tokens, bool[] calldata receiveAsTokens) external onlyCallForwarder {
+        IEtherFiNode(etherfiNodeAddress(id)).completeQueuedWithdrawals(withdrawals, tokens, receiveAsTokens);
+    }
+
+    function sweepFunds(uint256 id) external onlyCallForwarder {
+        IEtherFiNode(etherfiNodeAddress(id)).sweepFunds;
     }
 
     //-------------------------------------------------------------------

src/interfaces/IEtherFiNode.sol

@@ -12,10 +12,13 @@ interface IEtherFiNode {
     function createEigenPod() external returns (address);
     function getEigenPod() external view returns (IEigenPod);
     function startCheckpoint() external;
-    function setProofSubmitter(address _newProofSubmitter) external;
-    function queueWithdrawal(IDelegationManager.QueuedWithdrawalParams calldata params) external returns (bytes32 withdrawalRoot);
-    function completeQueuedWithdrawals(bool receiveAsTokens) external;
+    function setProofSubmitter(address newProofSubmitter) external;
     function verifyCheckpointProofs(BeaconChainProofs.BalanceContainerProof calldata balanceContainerProof, BeaconChainProofs.BalanceProof[] calldata proofs) external;
+    function queueETHWithdrawal(uint256 amount) external returns (bytes32 withdrawalRoot);
+    function completeQueuedETHWithdrawals(bool receiveAsTokens) external ;
+    function queueWithdrawals(IDelegationManager.QueuedWithdrawalParams[] calldata params) external returns (bytes32[] memory withdrawalRoot);
+    function completeQueuedWithdrawals(IDelegationManager.Withdrawal[] calldata withdrawals, IERC20[][] calldata tokens, bool[] calldata receiveAsTokens) external;
+    function sweepFunds() external;
 
     // call forwarding
     function forwardEigenPodCall(bytes memory data) external returns (bytes memory);

src/interfaces/IEtherFiNodesManager.sol

@@ -20,9 +20,12 @@ interface IEtherFiNodesManager {
     function createEigenPod(uint256 id) external returns (address);
     function startCheckpoint(uint256 id) external;
     function verifyCheckpointProofs(uint256 id, BeaconChainProofs.BalanceContainerProof calldata balanceContainerProof, BeaconChainProofs.BalanceProof[] calldata proofs) external;
-    function setProofSubmitter(uint256 id, address _newProofSubmitter) external;
-    function queueWithdrawal(uint256 id, IDelegationManager.QueuedWithdrawalParams calldata params) external returns (bytes32 withdrawalRoot);
-    function completeQueuedWithdrawals(uint256 id, bool receiveAsTokens) external;
+    function setProofSubmitter(uint256 id, address newProofSubmitter) external;
+    function queueETHWithdrawal(uint256 id, uint256 amount) external returns (bytes32 withdrawalRoot);
+    function completeQueuedETHWithdrawals(uint256 id, bool receiveAsTokens) external;
+    function queueWithdrawals(uint256 id, IDelegationManager.QueuedWithdrawalParams[] calldata params) external;
+    function completeQueuedWithdrawal(uint256 id, IDelegationManager.Withdrawal[] calldata withdrawals, IERC20[][] calldata tokens, bool[] calldata receiveAsTokens) external;
+    function sweepFunds(uint256 id) external;
 
     // call forwarding
     function updateAllowedForwardedExternalCalls(bytes4 selector, address target, bool allowed) external;

test/common/ArrayTestHelper.sol

@@ -26,12 +26,16 @@ contract ArrayTestHelper {
         vals[0] = val;
         return vals;
     }
+    function toArray_bytes(bytes memory val) public pure returns (bytes[] memory) {
+        bytes[] memory vals = new bytes[](1);
+        vals[0] = val;
+        return vals;
+    }
     function toArray(IDelegationManager.Withdrawal memory withdrawal) public pure returns (IDelegationManager.Withdrawal[] memory) {
         IDelegationManager.Withdrawal[] memory vals = new IDelegationManager.Withdrawal[](1);
         vals[0] = withdrawal;
         return vals;
     }
-
     function toArray(IStakingManager.DepositData memory deposit) public pure returns (IStakingManager.DepositData[] memory) {
         IStakingManager.DepositData[] memory vals = new IStakingManager.DepositData[](1);
         vals[0] = deposit;

test/prelude.t.sol

@@ -28,6 +28,7 @@ contract PreludeTest is Test, ArrayTestHelper {
     NodeOperatorManager nodeOperatorManager = NodeOperatorManager(0xd5edf7730ABAd812247F6F54D7bd31a52554e35E);
 
     address admin = vm.addr(0x9876543210);
+    address forwarder = vm.addr(0x1234567890);
     address stakingDepositContract = address(0x00000000219ab540356cBB839Cbe05303d7705Fa);
     address eigenPodManager = address(0x91E677b07F7AF907ec9a428aafA9fc14a0d3A338);
     address delegationManager = address(0x39053D51B77DC0d36036Fc1fCc8Cb819df8Ef37A);
@@ -79,6 +80,7 @@ contract PreludeTest is Test, ArrayTestHelper {
         roleRegistry.grantRole(etherFiNodeImpl.ETHERFI_NODE_ADMIN_ROLE(), address(etherFiNodesManager));
         roleRegistry.grantRole(etherFiNodeImpl.ETHERFI_NODE_ADMIN_ROLE(), address(stakingManager));
         roleRegistry.grantRole(etherFiNodesManager.ETHERFI_NODES_MANAGER_ADMIN_ROLE(), admin);
+        roleRegistry.grantRole(etherFiNodesManager.ETHERFI_NODES_MANAGER_CALL_FORWARDER_ROLE(), forwarder);
         roleRegistry.grantRole(stakingManager.STAKING_MANAGER_NODE_CREATOR_ROLE(), admin);
         vm.stopPrank();
 
@@ -163,6 +165,27 @@ contract PreludeTest is Test, ArrayTestHelper {
 
         vm.prank(address(liquidityPool));
         stakingManager.confirmAndFundBeaconValidators{value: confirmAmount}(toArray(confirmDepositData), validatorSize);
+    }
+
+    function test_withdrawRestakedValidatorETH() public {
+
+        bytes memory validatorPubkey = hex"892c95f4e93ab042ee39397bff22cc43298ff4b2d6d6dec3f28b8b8ebcb5c65ab5e6fc29301c1faee473ec095f9e4306";
+        bytes32 pubkeyHash = etherFiNodesManager.calculateValidatorPubkeyHash(validatorPubkey);
+        uint256 legacyID = 10885;
+
+        // force link this validator
+        vm.prank(admin);
+        etherFiNodesManager.linkLegacyValidatorIds(toArray_u256(legacyID), toArray_bytes(validatorPubkey));
+
+        vm.prank(forwarder);
+        etherFiNodesManager.queueETHWithdrawal(uint256(pubkeyHash), 1 ether);
+
+        // poke some withdrawable funds into the restakedExecutionLayerGwei storage slot of the eigenpod
+        address eigenpod = etherFiNodesManager.getEigenPod(uint256(pubkeyHash));
+        vm.store(eigenpod, bytes32(uint256(52)) /*slot*/, bytes32(uint256(50 ether / 1 gwei)));
 
+        vm.roll(block.number + (7200 * 15));
+        vm.prank(forwarder);
+        etherFiNodesManager.completeQueuedETHWithdrawals(uint256(pubkeyHash), true);
     }
 }