refactor(incentive-council): audit changes#1711
Merged
0xClandestine merged 6 commits intorelease-dev/incentive-councilfrom Feb 2, 2026
Merged
refactor(incentive-council): audit changes#17110xClandestine merged 6 commits intorelease-dev/incentive-councilfrom
0xClandestine merged 6 commits intorelease-dev/incentive-councilfrom
Conversation
- For most rewards submissions we were checking the amount before the fee, however operator directed rewards submissions were checking the amount afterwards creating an inconsistency.
- avs may not necessarily equal msg.sender (like in the case of EC submitting)
Addresses Certora audit findings I-02 and I-04 by updating natspec documentation to reflect current function names and architecture. - Updated pausable flag comments to reference correct function names (createRewardsForAllEarners, createOperatorDirectedOperatorSetRewardsSubmission, createUniqueStakeRewardsSubmission) - Updated createRewardsForAllEarners interface documentation to reference EmissionsController instead of deprecated token hopper contract
Collaborator
|
@claude Check the fixes for each issue indicated in the description versus each commit implementing the fix. Ensure that all issues are fixed, that no new bugs are introduced, and that there is no surplus functionality beyond what it takes to perform the fixes |
elhajin
approved these changes
Feb 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
Address findings from the Certora security audit of the Incentive Council implementation (January 2026).
Modifications:
_createAVSRewardsSubmissionto transfer tokens frommsg.senderinstead ofavsparameter, ensuring EmissionsController correctly sources funds for EigenDA rewards distributions_takeProtocolFeeto consistently checkisOptedInForProtocolFee[msg.sender]across all submission types, removing logic inconsistency in fee opt-in checksMAX_REWARDS_AMOUNTvalidation to check pre-fee amounts in_validateOperatorDirectedRewardsSubmission, ensuring consistent 1e38-1 cap enforcementRewardsCoordinatorStorageandIRewardsCoordinatorto reference correct function names (createRewardsForAllEarners, createOperatorDirectedOperatorSetRewardsSubmission, createUniqueStakeRewardsSubmission) and current architecture (EmissionsController vs deprecated token hopper)Result:
Improved protocol correctness and security.