chore: MOOCOW audit fixes (#1496)

**Motivation:**

Addresses Certora review:
* I-01: removed unused event
* I-02: corrected typo
* I-03: deduplicated fee calc
* I-04: removed unneeded checks
* I-05: corrected interface docs

**Modifications:**

* Clarified code comments and deduplicated some checks
* Add draft audit report

Author: wadealexc

audits/V1.6.0 (MOOCOW) - Certora - June 2025 (Draft).pdf

@@ -63,8 +63,6 @@ interface IEigenPodErrors {
 
     /// @dev Thrown when a predeploy request is initiated with insufficient msg.value
     error InsufficientFunds();
-    /// @dev Thrown when refunding excess fees from a predeploy fails
-    error RefundFailed();
     /// @dev Thrown when calling the predeploy fails
     error PredeployFailed();
     /// @dev Thrown when querying a predeploy for its current fee fails
@@ -167,7 +165,7 @@ interface IEigenPodEvents is IEigenPodTypes {
     /// @notice Emitted when a validator is proven for a given checkpoint
     event ValidatorCheckpointed(uint64 indexed checkpointTimestamp, bytes32 indexed pubkeyHash);
 
-    /// @notice Emitted when a validaor is proven to have 0 balance at a given checkpoint
+    /// @notice Emitted when a validator is proven to have 0 balance at a given checkpoint
     event ValidatorWithdrawn(uint64 indexed checkpointTimestamp, bytes32 indexed pubkeyHash);
 
     /// @notice Emitted when a consolidation request is initiated where source == target
@@ -300,8 +298,8 @@ interface IEigenPod is IEigenPodErrors, IEigenPodEvents, ISemVerMixin {
     /// consolidate their validators on the beacon chain.
     /// @param requests An array of requests consisting of the source and target pubkeys
     /// of the validators to be consolidated
-    /// @dev Both the source and target validator MUST have active withdrawal credentials
-    /// pointed at the pod
+    /// @dev The target validator MUST have ACTIVE (proven) withdrawal credentials pointed at
+    /// the pod. This prevents cross-pod consolidations.
     /// @dev The consolidation request predeploy requires a fee is sent with each request;
     /// this is pulled from msg.value. After submitting all requests, any remaining fee is
     /// refunded to the caller by calling its fallback function.
@@ -332,7 +330,8 @@ interface IEigenPod is IEigenPodErrors, IEigenPodEvents, ISemVerMixin {
     /// Some requirements that are NOT checked by the pod:
     /// - If request.srcPubkey == request.targetPubkey, the validator MUST have 0x01 credentials
     /// - If request.srcPubkey != request.targetPubkey, the target validator MUST have 0x02 credentials
-    /// - Both the source and target validators MUST be active and MUST NOT have initiated exits
+    /// - Both the source and target validators MUST be active on the beacon chain and MUST NOT have
+    ///   initiated exits
     /// - The source validator MUST NOT have pending partial withdrawal requests (via `requestWithdrawal`)
     /// - If the source validator is slashed after requesting consolidation (but before processing),
     ///   the consolidation will be skipped.

src/contracts/interfaces/IEigenPod.sol

@@ -311,14 +311,12 @@ contract EigenPod is
         ConsolidationRequest[] calldata requests
     ) external payable onlyWhenNotPaused(PAUSED_CONSOLIDATIONS) onlyOwnerOrProofSubmitter {
         uint256 fee = getConsolidationRequestFee();
-        require(msg.value >= fee * requests.length, InsufficientFunds());
-        uint256 remainder = msg.value - (fee * requests.length);
+        uint256 totalFee = fee * requests.length;
+        require(msg.value >= totalFee, InsufficientFunds());
+        uint256 remainder = msg.value - totalFee;
 
         for (uint256 i = 0; i < requests.length; i++) {
             ConsolidationRequest calldata request = requests[i];
-            // Validate pubkeys are well-formed
-            require(request.srcPubkey.length == 48, InvalidPubKeyLength());
-            require(request.targetPubkey.length == 48, InvalidPubKeyLength());
 
             // Ensure target has verified withdrawal credentials pointed at this pod
             bytes32 sourcePubkeyHash = _calcPubkeyHash(request.srcPubkey);
@@ -347,24 +345,20 @@ contract EigenPod is
         WithdrawalRequest[] calldata requests
     ) external payable onlyWhenNotPaused(PAUSED_WITHDRAWAL_REQUESTS) onlyOwnerOrProofSubmitter {
         uint256 fee = getWithdrawalRequestFee();
-        require(msg.value >= fee * requests.length, InsufficientFunds());
-        uint256 remainder = msg.value - (fee * requests.length);
+        uint256 totalFee = fee * requests.length;
+        require(msg.value >= totalFee, InsufficientFunds());
+        uint256 remainder = msg.value - totalFee;
 
         for (uint256 i = 0; i < requests.length; i++) {
             WithdrawalRequest calldata request = requests[i];
-            // Validate pubkey is well-formed.
-            //
-            // It's not necessary to perform any additional validation; the worst-case
-            // scenario is just that the consensus layer skips an invalid request.
-            require(request.pubkey.length == 48, InvalidPubKeyLength());
+            bytes32 pubkeyHash = _calcPubkeyHash(request.pubkey);
 
             // Call the predeploy
             bytes memory callData = abi.encodePacked(request.pubkey, request.amountGwei);
             (bool ok,) = WITHDRAWAL_REQUEST_ADDRESS.call{value: fee}(callData);
             require(ok, PredeployFailed());
 
             // Emit event depending on whether the request is a full exit or a partial withdrawal
-            bytes32 pubkeyHash = _calcPubkeyHash(request.pubkey);
             if (request.amountGwei == 0) emit ExitRequested(pubkeyHash);
             else emit WithdrawalRequested(pubkeyHash, request.amountGwei);
         }