> For the complete documentation index, see [llms.txt](https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-38-eigen-layer/incorrect-share-issuance-due-to-strategy-updates-in-eigenlayer-integrations.md). # Incorrect Share Issuance Due to Strategy Updates in EigenLayer Integrations **Overview of the Vulnerability** In decentralized protocols that leverage **EigenLayer** for staking or asset management, the process of updating strategies is crucial to maintaining optimal performance and returns. However, if the protocol does not correctly account for all assets when switching strategies, it can lead to the **incorrect issuance of shares**, which poses a significant risk to the financial integrity of the protocol. This vulnerability typically occurs when the protocol only checks the balance of assets in the new strategy, ignoring assets that are still held in the old strategy. As a result, users may receive more shares than they should, leading to financial imbalances, dilution of existing shares, and unfair advantages for new depositors. This issue can be especially critical in **EigenLayer** integrations, where protocols use re-staking mechanisms to provide security to multiple decentralized services. Mismanaging the update process for these strategies can disrupt the accurate issuance of shares, affecting both the protocol’s financial stability and user trust. *** #### How the Vulnerability Occurs in EigenLayer Integrations 1. **Asset Deposit into the Original Strategy**: Users deposit assets into a strategy integrated with EigenLayer, receiving shares proportional to the value of the assets managed by that strategy. EigenLayer handles cross-chain staking or re-staking operations, making these deposits essential for maintaining security. 2. **Strategy Update**: The protocol decides to update or change the staking or asset management strategy. This could be due to new opportunities or risk adjustments within EigenLayer. However, the issue arises when the protocol updates to a new strategy but fails to account for assets that remain staked in the **previous strategy**. 3. **Incorrect Share Calculation**: When users continue to deposit assets after the strategy update, the protocol only checks the balance of assets in the **new strategy**. Since assets still exist in the old strategy, the protocol calculates the share issuance based on an incomplete total asset balance, issuing more shares than users should receive. 4. **Financial Discrepancy**: As a result, new depositors receive more shares than they are entitled to, diluting the value of shares held by previous users. This imbalance can lead to financial instability in the protocol and disrupt the normal operation of EigenLayer re-staking mechanisms. *** #### Causes of the Vulnerability in EigenLayer Integrations 1. **Failure to Account for Old Strategy Assets**: The primary cause of this vulnerability is that the protocol does not account for the assets held in the old strategy when updating to a new one. This results in incorrect calculations for total deposits, which in turn leads to the issuance of excess shares. 2. **Incomplete Migration of Assets**: During the strategy update, assets from the old strategy may not be fully migrated to the new one. Without accurate tracking of these assets across EigenLayer's strategies, the protocol's share issuance logic becomes flawed. 3. **Outdated Data in Asset Pricing Feeds**: EigenLayer re-staking involves dynamic price feeds and asset valuation. If the protocol uses outdated or incorrect price data from the old strategy, it can lead to miscalculations when issuing shares for new deposits. *** #### Impact of the Vulnerability * **Dilution of Existing Shares**: When users are issued more shares than they should receive, it dilutes the value of shares already held by other users. This creates a financial imbalance, reducing the fairness and integrity of the protocol. * **Unfair Advantage for New Depositors**: New users can take advantage of the incorrect share issuance, receiving more shares than their deposits are worth. This gives them an unfair advantage and damages the protocol’s trustworthiness. * **Financial Instability**: Over time, the continuous issuance of excess shares can lead to broader financial instability within the protocol, especially in EigenLayer integrations where the protocol’s security and staking mechanisms are vital. *** #### Mitigation Strategies for EigenLayer Integrations **1. Ensure Complete Accounting During Strategy Updates** When updating strategies in an EigenLayer integration, it’s essential to ensure that all assets from both the old and new strategies are accounted for in the total asset balance. This can be done by: * Tracking the balance of both the old and new strategies during the update process. * Ensuring that the total asset value reflects all staked assets, including those held in the old strategy, to maintain accurate share calculations. **. Migrate Assets Between Strategies** Implement a robust migration mechanism to move assets from the old strategy to the new strategy in EigenLayer. This will help prevent assets from being left behind in the old strategy, which can cause miscalculations during share issuance. * **How It Works**: When the strategy is updated, assets should be transferred seamlessly to the new strategy or accounted for in both strategies to avoid discrepancies. #### Conclusion Incorrect share issuance due to strategy updates is a significant vulnerability in decentralized protocols, particularly in **EigenLayer** integrations where cross-chain staking and re-staking mechanisms play a critical role. When a protocol updates its strategy, it must account for all assets held in both the old and new strategies to ensure that shares are issued accurately. By ensuring proper accounting during strategy updates, using accurate price feeds, and auditing share issuance regularly, developers can prevent financial imbalances and protect the integrity of their EigenLayer-based protocols. Implementing these best practices will help safeguard user assets, maintain fair share distribution, and ensure the stability of the protocol in the long run. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-38-eigen-layer/incorrect-share-issuance-due-to-strategy-updates-in-eigenlayer-integrations.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.