EigenPods Bug Fix Completed - August 29 2025
The community multisig has completed an urgent bug fix on EigenPods that could have impacted the rewards distribution feature and inflated slashable security values.
What Happened
An Immunifi bug report uncovered the following: A malicious EigenPod user can mint more beacon chain shares than they actually have by abusing withdrawal mechanics introduced with Pectra. This leads to situations where a Pod owner will receive inflated rewards and AVSs could experience miscalculated slashable stake values. Our on chain analysis reveals that no user has called this function to begin the exploit path. Given the Ethereum exit queue length of 15 days, we are taking immediate action to resolve this bug before it can be abused.
Risk & Impact
-
No customer funds at risk.
-
No evidence of the bug being exploited backed by onchain data.
-
Service remained uninterrupted.
Why We Upgraded
Even though no customers were affected, we prioritized this patch to eliminate the potential for abuse and uphold best security practices.
Details
-
Timing: Completed August 29, 2025
-
Where: Mainnet and Testnets
-
Impact to Customers: None
-
Action Required: None
-
Service Impact: No downtime, EigenPods continues to operate normally
More Information
For a detailed explanation, please see the Release Notes here.