# EigenLayerVerifier

### Overview

`EigenLayerVerifier` is a custom `ICustomVerifier` implementation tailored to securely authorize calls to **EigenLayer** contracts like `DelegationManager`, `StrategyManager`, and `RewardsCoordinator`. It uses strict role-based gating, exact calldata matching, and entity-specific validation to ensure that only authorized vaults and bots can interact with EigenLayer staking, delegation, withdrawal, and rewards workflows.

### Purpose

This verifier protects EigenLayer operations by:

* Ensuring only whitelisted entities (vaults, strategies, operators) can execute actions
* Verifying target contracts and function selectors precisely
* Enforcing exact calldata encoding to eliminate any ambiguity or abuse

### Role Definitions

| Role Constant       | Description                                                           |
| ------------------- | --------------------------------------------------------------------- |
| `CALLER_ROLE`       | Address allowed to initiate EigenLayer calls (typically curators)     |
| `ASSET_ROLE`        | Whitelisted ERC20 token allowed in strategy deposits or withdrawals   |
| `STRATEGY_ROLE`     | Whitelisted EigenLayer strategy contracts                             |
| `OPERATOR_ROLE`     | Approved EigenLayer operator address for delegation                   |
| `MELLOW_VAULT_ROLE` | Whitelisted vaults acting as stakers or earners (usually `Subvault` ) |
| `RECEIVER_ROLE`     | Authorized receivers for claimed rewards                              |

### Constructor

```solidity
constructor(address delegationManager_, address strategyManager_, address rewardsCoordinator_, string memory name_, uint256 version_)
```

Initializes the verifier by:

* Setting immutable references to EigenLayer’s:
  * `DelegationManager`
  * `StrategyManager`
  * `RewardsCoordinator`
* Inheriting access control via `OwnedCustomVerifier`

### `verifyCall`

```solidity
function verifyCall(
    address who,
    address where,
    uint256 value,
    bytes calldata callData,
    bytes calldata /* verificationData */
) external view override returns (bool)
```

### General Preconditions

* `who` must have `CALLER_ROLE`
* `value` must be 0 (no ETH allowed)
* `callData.length >= 4` (valid selector)

### Validated Targets & Selectors

### 1. **StrategyManager** – `depositIntoStrategy`

* `depositIntoStrategy(IStrategy, address asset, uint256 shares)`
  * Strategy must have `STRATEGY_ROLE`
  * Asset must have `ASSET_ROLE`
  * Shares must be non-zero
  * Calldata must match

### 2. **DelegationManager**

* **`delegateTo(address operator, SignatureWithExpiry signature, bytes32 salt)`**
  * Operator must have `OPERATOR_ROLE`
  * Calldata must match
* **`queueWithdrawals(QueuedWithdrawalParams[] params)`**
  * Only **one** **`params.length == 1`** allowed
  * Param must include:
    * One strategy with `STRATEGY_ROLE`
    * One deposit share > 0
  * Calldata must match
* **`completeQueuedWithdrawal(Withdrawal, address[] tokens, bool receiveAsTokens)`**
  * `receiveAsTokens` must be `true`
  * Withdrawal must:
    * Have only one strategy with `STRATEGY_ROLE`
    * Have `staker` with `MELLOW_VAULT_ROLE`
  * `tokens.length == 1` and token must have `ASSET_ROLE`
  * Calldata must match

### 3. **RewardsCoordinator** – `processClaim`

* **Selector:** `processClaim(RewardsMerkleClaim claimData, address receiver)`
* **Checks:**
  * `claimData.earnerLeaf.earner` must have `MELLOW_VAULT_ROLE`
  * `receiver` must have `RECEIVER_ROLE`
  * Calldata must match

### Security Properties

* **Role enforcement:** Prevents unauthorized usage of EigenLayer functions
* **Exact calldata match:** Avoids incorrect encoding or maliciously crafted data
* **Zero ETH transfers:** Disallows unexpected native token usage
* **Single param enforcement (withdrawals):** Minimizes complexity and risk surface


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://metavaults.mellow.finance/architecture/permissions/protocols/eigenlayerverifier.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.