Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Invalid

Funds At Risk from Repeated Liquidity Insertions

Summary

The emergencyResume() function adds liquidity back into the pool during resume from pause. However, it does not check if liquidity was already added by a previous call.

Vulnerability Details

If emergencyResume() ever reverts or fails after inserting liquidity, calling it again would add a duplicate entry without detection. This could lock up tokens long-term in the pool or introduce surplus.

Reproduction Steps:

  1. Call emergencyResume() to add initial liquidity

  2. Mimic a failure that reverts the transaction

  3. Call emergencyResume() a second time

  4. Detect duplicate liquidity insertion

Impact

Funds may become permanently stuck in pool

Tools Used

Manual Review

Recommendations

Add checks that no liquidity exists already before insertion. For example, verify zero liquidity token balances owned by contract. Revert on any duplicates to avoid risk of locked or excess funds.
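A sketch of the check the recommendation describes, added here as an illustration; it is not code from the submission or from Steadefi. The contract, the `ILiquidityPool` interface, the `Status` enum and the error names are all hypothetical, and token approvals and the pause-side liquidity removal are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Every name below is hypothetical, not Steadefi's code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

interface ILiquidityPool {
    // Assumed pool call: pulls tokens from the caller and mints LP tokens to it.
    function addLiquidity(uint256 amount) external;
}

contract GuardedResume {
    enum Status { Open, Paused }

    error NotOwner();
    error NotPaused(Status current);
    error LiquidityAlreadyPresent(uint256 lpBalance);

    IERC20 public immutable lpToken;
    ILiquidityPool public immutable pool;
    address public immutable owner;
    Status public status; // defaults to Open

    constructor(IERC20 _lpToken, ILiquidityPool _pool) {
        lpToken = _lpToken;
        pool = _pool;
        owner = msg.sender;
    }

    function emergencyPause() external {
        if (msg.sender != owner) revert NotOwner();
        status = Status.Paused; // liquidity removal omitted in this sketch
    }

    function emergencyResume(uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        // Resume is only valid from Paused, so a second call after a
        // successful resume is rejected here.
        if (status != Status.Paused) revert NotPaused(status);
        // The recommended check: the contract must hold no LP tokens.
        uint256 lpBalance = lpToken.balanceOf(address(this));
        if (lpBalance != 0) revert LiquidityAlreadyPresent(lpBalance);
        // State is written before the external call. If addLiquidity reverts,
        // the whole call reverts and this write is rolled back with it.
        status = Status.Open;
        pool.addLiquidity(amount);
    }
}
```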

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
