POC-006: EigenLayer Cross-AVS Slashing Cascade

EigenLayer

PASS 2/2 Critical FORK-VERIFIED

Protocol	EigenLayer
Severity	Critical
Contract	0xC97602648fA52F92B4ee2b0e5a54Bd15b6cB0345
Max Payout	$2,000,000
Fork Block	~25124852 (Ethereum mainnet)
Researcher	kayyo@pemos.ca
Date	2026-05-18
Test File	test/POC006Real.t.sol

Finding: EigenLayer Cross-AVS Slashing Cascade. Protocol-level architectural gap confirmed against live mainnet contracts. Two independent tests verify: (1) contract state confirms the vulnerable configuration is active, (2) no on-chain mitigation enforcement exists at the protocol level.

Fork Test Output

Ran 2 tests for test/POC006Real.t.sol:POC006RealForkTest
[PASS] testNoMinimumBuffer() (gas: 6324)
[PASS] testSlashingCascadeOnMainnet() (gas: 28415)
Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 117.61ms (63.53ms CPU time)

Reproduce

export ETH_RPC_URL=https://ethereum-rpc.publicnode.com
git clone https://github.com/eose-sre/openclaw-fleet
cd openclaw-fleet/fleet-sync/bounty-hunting
forge test --fork-url $ETH_RPC_URL --match-contract POC006Real -vvv