Harden Lido withdrawal claims

[TUPM96]

Summary

• Add onlyOperatorOrOwner to LidoARM.claimLidoWithdrawals() so claim timing stays under the same operator/owner control as requestLidoWithdrawals().
• Wrap only the ETH received during the current Lido claim instead of address(this).balance, so pre-existing donated ETH is not swept into WETH during a claim.
• Add regression coverage for unauthorized callers and pre-existing ETH, and make the Lido claim test helper model ETH sends without overwriting or retaining the sender balance.

Fixes #241.

Validation

• MAINNET_URL=https://ethereum-rpc.publicnode.com C:\Users\tupm96\.foundry\bin\forge.exe test --match-path test/fork/LidoARM/ClaimStETHWithdrawalForWETH.t.sol --summary -vvv -> 5 passed
• C:\Users\tupm96\.foundry\bin\forge.exe build --skip test script --force -> success, existing warnings only
• C:\Users\tupm96\.foundry\bin\forge.exe fmt --check src/contracts/LidoARM.sol test/fork/LidoARM/ClaimStETHWithdrawalForWETH.t.sol test/fork/utils/MockCall.sol -> success
• git diff --check -> clean

No private keys, wallet secrets, payout details, private vulnerability details, or mainnet transactions are included.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR tightens access control around claiming Lido withdrawals and prevents wrapping unrelated pre-existing ETH balances when converting claimed ETH to WETH.

Changes:

• Restrict claimLidoWithdrawals to operator/owner and add a regression test for unauthorized callers.
• Track pre-claim ETH balance and wrap only the ETH received from the claim (not pre-existing/donated ETH).
• Adjust a test utility (ETHSender.sendETH) to preserve a target’s existing ETH balance when “sending” via vm.deal.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
test/fork/utils/MockCall.sol	Updates ETH test helper to add to (rather than overwrite) a target’s ETH balance.
test/fork/LidoARM/ClaimStETHWithdrawalForWETH.t.sol	Adds tests for unauthorized access and for not wrapping pre-existing ETH donations.
src/contracts/LidoARM.sol	Adds onlyOperatorOrOwner gating and wraps only newly received ETH from Lido claims.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[TUPM96]

Follow-up pushed in 76b5c9a after Copilot review: the ETH test helper now drains the sender balance after crediting the target, and the claim-wrap comment documents that only the ETH balance increase during the claim is wrapped.

Revalidated locally:

• forge build -> success
• forge fmt --check src/contracts/LidoARM.sol test/fork/LidoARM/ClaimStETHWithdrawalForWETH.t.sol test/fork/utils/MockCall.sol -> success
• MAINNET_URL=https://ethereum-rpc.publicnode.com forge test --match-path test/fork/LidoARM/ClaimStETHWithdrawalForWETH.t.sol --summary -vvv -> 5 passed
• MAINNET_URL=https://ethereum-rpc.publicnode.com forge test --match-path 'test/fork/LidoARM/*.sol' --summary -vv -> 129 passed

[naddison36]

It was a design decision to allow anyone to claim Lido withdrawals. That way, if the Operator or Owner stopped, the ARM LPs could still get the liquidity back into the ARM so they could claim redeem requests.

We also want any donated ETH to be included in the ARM's assets.