feat: revert if partial withdrawals are requested on the unhealthy vault

lidofinance · Feb 10, 2025 · 60f3e68 · 60f3e68
1 parent f0d865e
commit 60f3e68
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/contracts/0.8.25/vaults/StakingVault.sol b/contracts/0.8.25/vaults/StakingVault.sol
@@ -95,7 +95,7 @@ contract StakingVault is IStakingVault, OwnableUpgradeable {
     /**
      * @notice The type of withdrawal credentials for the validators deposited from this `StakingVault`.
      */
-    uint256 private constant WC_0x02_PREFIX = 0x02 << 248;
+    uint256 private constant WC_0X02_PREFIX = 0x02 << 248;
 
     /**
      * @notice The length of the public key in bytes
@@ -350,7 +350,7 @@ contract StakingVault is IStakingVault, OwnableUpgradeable {
      * @return Withdrawal credentials as bytes32
      */
     function withdrawalCredentials() public view returns (bytes32) {
-        return bytes32(WC_0x02_PREFIX | uint160(address(this)));
+        return bytes32(WC_0X02_PREFIX | uint160(address(this)));
     }
 
     /**
@@ -467,7 +467,16 @@ contract StakingVault is IStakingVault, OwnableUpgradeable {
         if (_refundRecipient == address(0)) revert ZeroArgument("_refundRecipient");
 
         ERC7201Storage storage $ = _getStorage();
-        if (msg.sender == $.nodeOperator || msg.sender == owner() || (valuation() < $.locked && msg.sender == address(VAULT_HUB))) {
+        bool isHealthy = valuation() >= $.locked;
+        if (!isHealthy) {
+            for (uint256 i = 0; i < _amounts.length; i++) {
+                if (_amounts[i] > 0) {
+                    revert PartialWithdrawalsForbidden();
+                }
+            }
+        }
+
+        if (msg.sender == $.nodeOperator || msg.sender == owner() || (!isHealthy && msg.sender == address(VAULT_HUB))) {
             uint256 feePerRequest = TriggerableWithdrawals.getWithdrawalRequestFee();
             uint256 totalFee = (feePerRequest * _pubkeys.length) / PUBLIC_KEY_LENGTH;
             if (value < totalFee) {
@@ -723,4 +732,9 @@ contract StakingVault is IStakingVault, OwnableUpgradeable {
      * @param _amount Amount of ether to refund
      */
     error ValidatorWithdrawalFeeRefundFailed(address _sender, uint256 _amount);
+
+    /**
+     * @notice Thrown when partial withdrawals are forbidden on an unhealthy vault
+     */
+    error PartialWithdrawalsForbidden();
 }
diff --git a/test/0.8.25/vaults/staking-vault/stakingVault.test.ts b/test/0.8.25/vaults/staking-vault/stakingVault.test.ts
@@ -874,6 +874,17 @@ describe("StakingVault.sol", () => {
         .to.emit(withdrawalRequest, "eip7002MockRequestAdded")
         .withArgs(encodeEip7002Input(SAMPLE_PUBKEY, 0n), baseFee);
     });
+
+    it("reverts if partial withdrawals is called on an unhealthy vault", async () => {
+      await stakingVault.fund({ value: ether("1") });
+      await stakingVault.connect(vaultHubSigner).report(ether("0.9"), ether("1"), ether("1.1")); // slashing
+
+      await expect(
+        stakingVault
+          .connect(vaultOwner)
+          .requestValidatorWithdrawals(SAMPLE_PUBKEY, [ether("1")], vaultOwnerAddress, { value: 1n }),
+      ).to.be.revertedWithCustomError(stakingVault, "PartialWithdrawalsForbidden");
+    });
   });
 
   context("computeDepositDataRoot", () => {