Distribution.sol#_withdraw() the user won't be able to withdraw all of his amount at certain condition
Summary
If the depositTokenContractBalance_ is less than the amount the user wants to withdraw, the user won't be able to withdraw all of his amount at certain contidion.
Vulnerability Details
There is a check if the amount_ the user wants to withdraw is more than the depositTokenContractBalance_ which is a valid condition on a negative rebasing. If that check pass, the amount_ is set to be equal to the depositTokenContractBalance_ which can make the user not being able to withdraw all of his amount.
Let's consider the following values:
userData.deposited = 14
amount_ = 14
depositTokenContractBalance_ = 10
'pool.minimalStake = 5'
The user wants to withdraw all of his stake which is 14, however, the depositTokenContractBalance_ does not have 14 but 10, and the user amount needs to be set to 10. But the problem arises since there is a minimalStake which is 5.
newDeposited would be 14 - 10 = 4, and the require check would not pass since the minimalStake is 5 and it leaves only 4. That would make the user not being able to withdraw all of his amount. The only way this require can pass is if the user withdraws 9 tokens but that way, there will be stuck 1 token that the user should be able to withdraw but can't.
Impact
Although the user suffered losses from the negative rebasing and would not be able to withdraw all of his staked amount, that check would make the user leave one more token(that he should be able to withdraw)
Tools Used
Manual Review
Recommendations
A possible solution would be to reduce the amount staked by the user in proportion to the negative rebasing losses rather than setting the amount to depositTokenContractBalance_ if there is not enough tokens.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.