New Stake Frontrunning

Description

In the event of a supply-chain style attack, where one of our Node Operator partners is compromised, an attacker could manipulate the information sent to the Mantle LSP system in order to attempt to steal funds. For example, a "rogue" Node Operator could:

  • Pass deposit information with incorrect withdrawal credentials

  • Use the validator keys to sign a valid transaction that front-runs a legitimate deposit with different withdrawal credentials, resulting in the "real" deposit being credited to them as a top-up.

Mitigation

To ensure that the protocol is fully protected from these cases, the off-chain services always:

  • Cryptographically verify deposit data to ensure it matches the protocol's withdrawal address

  • Search all validators (and pending deposit events) to ensure that a validator has not already been used.

  • Validate the state of the beacon deposit contract to stop any front-running.

With these checks in place, it is not possible for a compromised node operator to steal protocol principals and consensus layer rewards.
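The first two checks can be sketched as follows. This is an added example, not Mantle's own code: it assumes 0x01-type (execution address) withdrawal credentials, the function and field names are hypothetical, the sample deposit is constructed, and the BLS signature is assumed to be verified separately with a BLS library.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def expected_credentials(address: bytes) -> bytes:
    # Assumption: 0x01-type credentials = 0x01 || 11 zero bytes || 20-byte address.
    if len(address) != 20:
        raise ValueError("execution address must be 20 bytes")
    return b"\x01" + bytes(11) + address

def deposit_data_root(pubkey: bytes, creds: bytes, amount_gwei: int, signature: bytes) -> bytes:
    # Same hash-tree-root layout the beacon deposit contract recomputes on-chain.
    if (len(pubkey), len(creds), len(signature)) != (48, 32, 96):
        raise ValueError("unexpected field length")
    pubkey_root = sha256(pubkey + bytes(16))
    sig_root = sha256(sha256(signature[:64]) + sha256(signature[64:] + bytes(32)))
    amount = amount_gwei.to_bytes(8, "little")
    return sha256(sha256(pubkey_root + creds) + sha256(amount + bytes(24) + sig_root))

def check_deposit(dep: dict, protocol_address: bytes, known_pubkeys: set) -> list:
    """Return the reasons to reject dep; an empty list means these checks passed."""
    problems = []
    if dep["withdrawal_credentials"] != expected_credentials(protocol_address):
        problems.append("withdrawal_credentials do not match protocol address")
    root = deposit_data_root(dep["pubkey"], dep["withdrawal_credentials"],
                             dep["amount_gwei"], dep["signature"])
    if root != dep["deposit_data_root"]:
        problems.append("deposit_data_root does not match the other fields")
    # known_pubkeys: every pubkey seen in validators or pending deposit events.
    if dep["pubkey"] in known_pubkeys:
        problems.append("pubkey already has a deposit")
    return problems

# Constructed sample data (not real keys, addresses or signatures).
PROTOCOL = bytes.fromhex("11" * 20)

def make_deposit(pubkey: bytes, address: bytes, amount_gwei: int = 32 * 10**9) -> dict:
    creds, sig = expected_credentials(address), bytes([0x5A]) * 96
    return {"pubkey": pubkey, "withdrawal_credentials": creds,
            "amount_gwei": amount_gwei, "signature": sig,
            "deposit_data_root": deposit_data_root(pubkey, creds, amount_gwei, sig)}

if __name__ == "__main__":
    rogue = make_deposit(b"\xaa" * 48, bytes.fromhex("22" * 20))
    print(check_deposit(rogue, PROTOCOL, set()))
```
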

Node operators remain able to set the "fee recipient" of validators, which earns gas tips and MEV rewards from consensus layer execution. In theory, a compromised node operator could redirect this address in order to steal Execution Layer rewards. Our off-chain services also monitor this and will flag any Execution Layer rewards that are not routed to the protocol correctly.
