Top 7 mistakes that lead to prompt injection you must avoid
This article explains the most common engineering and security mistakes that increase prompt injection risk, and how to avoid them when building LLM-powered systems. […]
The standard rewards distribution process (as recommended by the CLI) fails, resulting in gas loss for the AVS manager.
The OperatorDirectedRewardsSubmission struct submitted to EigenLayer undergoes validation, and the transaction will revert if any validation rules are not satisfied.
One critical rule is that the operator addresses must be in ascending order. In the AttestationCenter contract, the requestEigenBatchPayment function sorts the operators list obtained from _collectEligibleOperators. However, this list may include trailing items with a zero address, representing empty operators.
For this to happen, some operators in the queried range must meet certain conditions:
_details.operator == address(0) ||
_details.paymentStatus != PaymentStatus.REDEEMED ||
_details.lastPaidTaskNumber <= _taskNumber ||
_details.feeToClaim == 0Subsequently, this list is forwarded to the AVSGovernance contract, which passes it to EigenLayer’s RewardsCoordinator. The transaction reverts because the zero addresses appear at the end of the list and are considered smaller than the actual operator addresses.
MEDIUM – The standard rewards distribution process (as recommended by the CLI) fails, resulting in gas loss for the AVS manager.
Truncate the list of rewarded operators to eliminate empty items.
Meet Composable Security
Get throughly tested by the creators of Smart Contract Security Verification Standard
Let us help
Get throughly tested by the creators of Smart Contract Security Verification Standard