Off-chain CLI tool that deposits Swell node-operator validators for swETH and rswETH on Ethereum mainnet.
A malicious operator can pre-deposit 1 ETH under their own withdrawal credential before the bot's 32 ETH top-up, permanently capturing the pooled deposit.
One node operator's unverifiable key blocks the entire batch, halting deposits for every operator selected in that run.
Reading the nonce at latest instead of pending can collide with an in-flight transaction and get the re-run rejected.
Two operators sharing the same name silently overwrite each other in the allocation maps, zeroing one operator's deposits.
The bot never checks the on-chain enabled flag, so a disabled operator's key passes every gate and only reverts at simulation.
Get a free 30-minute security assessment. We’ll review your codebase scope and flag the top 3 risk areas.
No commitment required · Typical audits start within 1–2 weeks