DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: low
Valid

Minimum deposit not enforced properly in `depositEth` from `BridgeRouterFacet.sol` in case of rETH

Summary

The `depositEth` function in `BridgeRouterFacet.sol` will fail for deposits in the [0.0001 ether, 0.01 ether) interval in the case of rETH.

Vulnerability Details

The protocol establishes `MIN_DEPOSIT = 0.0001 ether` in `Constants.sol`, which is checked when `depositEth` is called: `if (msg.value < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();`.

The problem lies in the fact that RocketPool documentation states the following:

> As a Rocket Pool staker, your role is to deposit ETH into the deposit pool which will enable a node operator to create a new Beacon Chain validator. You can stake as little as 0.01 ETH.

This is enforced by a check in their deposit function:

```solidity
require(msg.value >= rocketDAOProtocolSettingsDeposit.getMinimumDeposit(), "The deposited amount is less than the minimum deposit size");
...
function getMinimumDeposit() override external view returns (uint256) {
    return getSettingUint("deposit.minimum");
}
...
setSettingUint("deposit.minimum", 0.01 ether);
```

Impact

All deposits between the protocol's `MIN_DEPOSIT` and Rocket Pool's minimum deposit will fail, wasting gas unnecessarily.

Tools Used

Manual review

Recommendations

Increase the `MIN_DEPOSIT` constant to 0.01 ether to match Rocket Pool's minimum.

or

Transform the `MIN_DEPOSIT` constant into `MIN_DEPOSIT_STETH` and make a new `MIN_DEPOSIT_RETH` constant equal to 0.01 ether to be used for the appropriate bridge.
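The second recommendation as an added example (not DittoETH's or Rocket Pool's code). It goes one step further than a hardcoded `MIN_DEPOSIT_RETH`: because `deposit.minimum` is a stored setting, the rETH floor is read through the `getMinimumDeposit()` getter quoted above. Assumptions: the contract name, `rethBridge`, `rpSettings`, `minDepositFor`, the `aboveMinimum` modifier, the `bridge` parameter and the fixed settings address are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Declares only the getter quoted in the finding.
interface IRocketDepositSettings {
    function getMinimumDeposit() external view returns (uint256);
}

// Hypothetical guard a bridge router could inherit. Only MIN_DEPOSIT,
// its value and the UnderMinimumDeposit error name come from the finding.
abstract contract MinDepositGuard {
    error UnderMinimumDeposit();

    // Protocol-wide floor, as defined in Constants.sol per the finding.
    uint256 internal constant MIN_DEPOSIT = 0.0001 ether;

    // Assumed: address of the rETH bridge and of the Rocket Pool contract
    // exposing getMinimumDeposit(). Fixed at deployment for simplicity.
    address internal immutable rethBridge;
    IRocketDepositSettings internal immutable rpSettings;

    constructor(address _rethBridge, IRocketDepositSettings _rpSettings) {
        rethBridge = _rethBridge;
        rpSettings = _rpSettings;
    }

    // Effective minimum for a bridge: the protocol floor, raised to Rocket
    // Pool's current "deposit.minimum" when the deposit is routed to rETH.
    function minDepositFor(address bridge) public view returns (uint256 min) {
        min = MIN_DEPOSIT;
        if (bridge == rethBridge) {
            uint256 rpMin = rpSettings.getMinimumDeposit();
            if (rpMin > min) min = rpMin;
        }
    }

    // Apply to the payable deposit entry point so an undersized rETH deposit
    // reverts with the protocol's own error before any call into Rocket Pool.
    modifier aboveMinimum(address bridge) {
        if (msg.value < minDepositFor(bridge)) revert UnderMinimumDeposit();
        _;
    }
}
```

The extra view call adds gas to every rETH deposit, so a hardcoded `MIN_DEPOSIT_RETH` is the cheaper choice if a fixed floor is acceptable.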

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-542

inallhonesty Submitter
almost 2 years ago