Eugene Mamin

Turns out it's not possible to use the `blockHeader` for the API requests at least for some services, the workaround is in #529 (tl;dr: grab the `block` object by the...

Sorry, shouldn't be closed yet

The role is assigned permanently to `Agent` on Mainnet (see: https://vote.lido.fi/vote/162). Shall we preserve this case? NB: the same is true for `REQUEST_BURN_MY_STETH_ROLE`

Possible explanation (made on the basis of the original statement by @skozin): Let's have the following designations: - `x` is the number of tokens passed to the `transfer` function; -...

https://www.arbitraryexecution.com/blog/shared-vulnerabilities-between-erc-4626-vaults-and-vault-like-contracts-deep-dive-part-3 https://docs.openzeppelin.com/contracts/4.x/erc4626

Decided to re-open the issue because some more sophisticated approaches still exist. For instance, suppose that steps 2, 3, and 4 are reordered as 3, 4, 2 by leveraging Easy...

Hello, @eugenioclrc Thank you for reaching out and posting the issue! I can confirm that the issue and the provided exploit are valid. However, it's worth noting that this vulnerability...

> Is it allowed to publicly speak about this issue? I would like to take a post about this with a deep dive, which might help other lsd protocols and...

The article suggest another approach for mitigating the attack: https://www.trust-security.xyz/post/permission-denied It might be more coherent to use as a long-term solution. https://github.com/trust1995/trustlessPermit/tree/main ```solidity function trustlessPermit( address token, address owner, address...