DittoETH

Summary

Not enough liquidity will make unstake transactions fail.

Vulnerability Details

The amount of ETH liquidity available in the rETH pool can significantly oscillate based on external market conditions. One extreme case of disappearing ETH liquidity in the rETH pool happened due to the Terra/UST crisis.

The staked ETH (stETH) provided by Lido experienced a loss of its peg during a liquidation chain reaction. This occurred because institutional investors holding stETH were compelled to sell their leveraged positions due to the Terra/UST collapse. Notably, a significant portion of rETH liquidity on decentralized exchanges was paired within a curve pool alongside wstETH (wrapped Lido staked ETH). With stETH losing its peg, a lucrative arbitrage opportunity emerged. Traders could profitably exchange wstETH for rETH in the market through this curve pool and subsequently redeem that rETH for ETH from the deposit pool whenever it became available. This situation went on for weeks.

The available liquidity at the moment of writing is 24,357.68 ETH. This should be checked and transactions reverted if the amount requested is > than the liquidity available.

Impact

Wasted gas + bad user experience

Tools Used

Manual review

Recommendations

Insert a if + custom error check that reverts the unstake function from BridgeReth.sol if the amount requested is > than the available liquidity.