Ether.fi is a revolutionary decentralized staking protocol that aims to provide stakers with greater control over their funds and the flexibility to delegate validator operations to a node operator without sacrificing the security of their assets.
Status | Low | Medium | High | Critical | Total |
---|---|---|---|---|---|
Not fixed | 1 | - | 1 | - | 2 |
Fixed | 2 | 1 | - | - | 3 |
Total | 3 | 1 | 1 | 0 | 5 |
not_fixed/high
In the contract `EarlyAdopterPool` the role `_owner` has authority over the functions shown in the diagram below. Any compromise to the `_owner` account may allow the hacker to take advantage of this authority.

- Set claiming to be opened, to allow users to claim their points. The hacker could use this authority to prevent users from claiming their points and transferring funds.
- Set the contract which will receive claimed funds. The hacker could use this authority to steal the claimed funds.
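One common way to narrow the second authority listed above, shown as an added example that is neither the audited contract's code nor the auditors' recommendation: the receiver change is announced on-chain and only takes effect after a delay, with the owner assumed to be a multisig. The contract name, function names, events and `DELAY` value are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not the audited EarlyAdopterPool code.
// All names here (TimelockedClaimReceiver, proposeClaimReceiver, DELAY, ...) are hypothetical.
contract TimelockedClaimReceiver {
    uint256 public constant DELAY = 2 days; // assumed review window

    address public owner;
    address public claimReceiver;        // contract that receives claimed funds
    address public pendingClaimReceiver; // proposed, not yet active
    uint256 public pendingEta;           // earliest activation time

    event ClaimReceiverProposed(address indexed receiver, uint256 eta);
    event ClaimReceiverChanged(address indexed receiver);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _owner) {
        require(_owner != address(0), "zero owner");
        owner = _owner; // assumed to be a multisig rather than a single key
    }

    // Step 1: announce the change on-chain so depositors can observe it.
    function proposeClaimReceiver(address receiver) external onlyOwner {
        require(receiver != address(0), "zero receiver");
        pendingClaimReceiver = receiver;
        pendingEta = block.timestamp + DELAY;
        emit ClaimReceiverProposed(receiver, pendingEta);
    }

    // Step 2: the change only takes effect after the delay has elapsed.
    function executeClaimReceiverChange() external onlyOwner {
        require(pendingClaimReceiver != address(0), "nothing pending");
        require(block.timestamp >= pendingEta, "delay not elapsed");
        claimReceiver = pendingClaimReceiver;
        delete pendingClaimReceiver;
        delete pendingEta;
        emit ClaimReceiverChanged(claimReceiver);
    }
}
```

A compromised owner key can still propose a malicious receiver, but the `ClaimReceiverProposed` event gives users and monitoring a window to react before it becomes active.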
not_fixed/low
The contract is serving as the underlying entity to interact with one or more third-party protocols. The scope of the audit treats third-party entities as black boxes and assumes their functional correctness. However, in the real world, third parties can be compromised, and this may lead to lost or stolen assets. In addition, upgrades of third parties can create severe impacts, such as increasing fees of third parties, migrating to new LP pools, etc.

```solidity=85
rETH = _rETH;
wstETH = _wstEth;
sfrxEth = _sfrxEth;
rETHInstance = IERC20(_rETH);
wstETHInstance = IERC20(_wstEth);
sfrxEthInstance = IERC20(_sfrxEth);
```

- The contract `EarlyAdopterPool` interacts with third-party contracts through the `IERC20` interface via `rETHInstance/wstETHInstance/sfrxEthInstance`.
# | File Name |
---|---|
1 | src/EarlyAdopterPool.sol |