stake.link

stake.link
DeFiHardhatBridge
27,500 USDC
View results
Submission Details
Severity: low
Valid

SDLPoolCCIPControllerSecondary.performUpkeep doesn't check if pool needs update

Summary

SDLPoolCCIPControllerSecondary.performUpkeep doesn't check if pool needs update, which will make updates to be really rare.

Vulnerability Details

SDLPoolCCIPControllerSecondary.performUpkeep function checks if update is needed. If yes, then it processes next batch of queued actions.

shouldUpdate variable is set to true only in one case: when rewards has come from primary chain and some actions are already queued in the secondary pool. In other cases it will be not possible to execute queued actions.

When secondary pool will be created, then everyone can stake into it, but their tokens will be just sitting in the contract adn waiting until at least one lock from primary chain will be bridged to the secondary chain. This is because, otherwise rewards of the chain will be always 0 and ccip call will not be sent to the destination.
As result staked dsl of the users will be temporarily freezed on the child chain adn during that time they will not be able to do anything with the lock.

Another problem is that stakers of secondary pool will not be able to execute their actions as soon as they wish and they will depend on rewards distribution. They should always wait when next distribution is done, so their queued actions are processes. So they should wait more time.

Impact

Users can't process their actions fast. First stakers will wait when someone will brodge lock from primary chain.

Tools Used

VsCode

Recommendations

Give ability for users to execute ccip call to primary pool and pay for it.

Updates

Lead Judging Commences

0kage Lead Judge
over 1 year ago
0kage Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

first-reward-update

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.