Description
Summary
Currently, all staking modules have the REQUEST_BURN_SHARES_ROLE role in the Burner contract, which allows the caller to lock stETH from any address that has pre-approved an amount of stETH for burning, but staking modules must only lock stETH from their contract address. Therefore, staking modules can use the less powerful REQUEST_BURN_MY_STETH_ROLE role.
Problem
The 'REQUEST_BURN_SHARES_ROLE' grants staking modules excessive permissions beyond what is necessary, violating the principle of granting only the minimum required permissions.
Implementation
It is recommended to remove the REQUEST_BURN_SHARES_ROLE from all staking modules and grant them the REQUEST_BURN_MY_STETH_ROLE instead.
This change will require minimal contract code modifications but will enhance module isolation and protocol security.
Guidelines
- I agree to follow Code of Conduct.
- I have read Lido Contribution Guide.