there's a missing unstaking strategy for "RETH." This absence of a clear plan for token burning can impact the overall functionality and management of the token.
Summary
The current and only unstaking strategy for "RETH" involves burning the tokens, as depicted in the provided Solidity code.
However, there's an issue highlighted in the RETH documentation: link. If the staking liquidity pool doesn't have enough ETH to fulfill the trade, the burn process will revert. This creates an issue for users who intend to deposit ETH following the unstaking process. They find themselves in a situation where they cannot perform the burn operation, leaving them with two choices: either waiting for unstaking to become available or withdrawing RETH instead of ETH.
Vulnerability Details
Impact
-
For Contracts: If you're operating as a contract and your functionality is dependent on receiving ETH, this situation can be problematic. Contracts might not be programmed to execute a "withdraw" or handle RETH, or they may not be equipped to handle the process of swapping RETH for ETH on an exchange. All these are lose of funds for user and Even if they can, this incurs extra gas costs and potential slippage.
-
For Users: Users, have two options.
They end up receiving RETH instead of ETH upon unstaking, needing a subsequent step of swapping RETH for ETH on an exchange. This extra step incurs gas fees and the potential for slippage, resulting in additional costs and complexity for users.
Unstaking small amount of your deposited ETH that costs so much gas. EX: You deposit 100 ETH and unstake 1 ETH each time → (100 * single transaction * gas for unstaking)
Tools Used
manual review
Recommendations
add more strategy for unstaking RETH (add swapping on exchange)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.