MorpheusAI

Summary

The vulnerability arises from a race condition between a user's stake and another user's withdrawal in a scenario involving a rebasing token (stETH). Due to the rebasing nature of stETH, its value can become negative.

Vulnerability Details

when contract balance will be negative in some conditions, if the new user come and stake stETH contract balance will increases, old user can call Distribution.sol:_withdraw and there will no balance left inside the contract for new users.
The vulnerability arises due to the reentrancy-like scenario where a user initiates a withdrawal after observing a Distribution.sol:stake transaction by another user but before the updated balance is reflected in the contract. This can lead to a situation where the contract's balance becomes negative after the withdrawal, making it impossible for subsequent users to withdraw their staked tokens after the withdrawallockperiod.

Impact

The vulnerability can lead to a denial-of-service scenario where subsequent users are unable to withdraw their staked tokens, resulting in a loss of user funds and trust in the contract.

Tools Used

Manual analysis

Recommendations

Implement a mechanism to lock withdrawals until the stake transaction's effects are fully reflected in the contract's state, thereby preventing the race condition.
Ensure that the contract maintains a sufficient balance to cover all potential withdrawals, especially in scenarios involving rebasing tokens.