DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Valid

BridgeReth unstake() function can be unavailable because of not enough ETH in RocketDepositPool

Summary

The BridgeReth unstake() function can become unavailable, because it depends on the RocketDepositPool having enough ETH to cover the unstake.

Vulnerability Details

As per the Rocket Pool documentation:
Trading rETH back for ETH is only possible when the staking liquidity pool has enough ETH in it to handle your trade. This is Rocket Pool's pool of ETH that comes from two sources:

  • ETH that other stakers have deposited, which hasn't been used by a Node Operator to create a new validator yet

  • ETH that was returned by a Node Operator after they exited one of their validators and received their rewards from the Beacon Chain

Impact

If RocketDepositPool does not have enough ETH to cover the unstake, the impact is minimal: a user can call withdraw() and unstake later, either on the Rocket Pool website or directly in the RocketTokenRETH.sol contract, once enough ETH is available. Alternatively, the user can swap the rETH for ETH on a decentralized exchange such as Uniswap, likely at the cost of a small premium.

Recommendations

Let users know that if the unstake() function is unavailable, they can try again later, or call withdraw() and unstake later at the Rocket Pool contract.
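
One way a front end could follow this recommendation is to check rETH liquidity before offering unstake(). This is an added example, not code from DittoETH or Rocket Pool: UnstakePreflight and canUnstake are hypothetical names, and it assumes the amount passed in is the rETH amount that would be burned.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of RocketTokenRETH's public view functions used by this check.
interface IRocketTokenRETH {
    // ETH value of a given rETH amount at the current exchange rate.
    function getEthValue(uint256 rethAmount) external view returns (uint256);
    // ETH currently available to pay out rETH burns.
    function getTotalCollateral() external view returns (uint256);
}

// Hypothetical read-only helper for a UI or keeper (not DittoETH code).
contract UnstakePreflight {
    IRocketTokenRETH public immutable reth;

    constructor(address rethToken) {
        require(rethToken != address(0), "rETH address required");
        reth = IRocketTokenRETH(rethToken);
    }

    // Reports whether burning `rethAmount` for ETH would currently be covered.
    // The result is a snapshot: liquidity can change before a transaction is
    // mined, so the caller must still handle a revert and fall back to
    // withdraw() as described in the Impact section.
    function canUnstake(uint256 rethAmount)
        external
        view
        returns (bool ok, uint256 ethNeeded, uint256 ethAvailable)
    {
        ethNeeded = reth.getEthValue(rethAmount);
        ethAvailable = reth.getTotalCollateral();
        ok = rethAmount > 0 && ethAvailable >= ethNeeded;
    }
}
```

When ok is false, the interface can show ethNeeded against ethAvailable and point the user to withdraw() instead of letting the unstake() call revert.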

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-503
