First Flight #9: Soulmate
First Flight #9
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

```Staking::deposit``` potential insufficient reward distribution due to staking vault balance

kiteweb3

Summary

The Staking::deposit function allows users to stake a large amount of tokens without verifying whether the stakingVault has sufficient tokens to cover the rewards for all staked tokens. This could lead to a situation where users are unable to claim their rewards if the stakingVault balance falls short.

Vulnerability Details

function deposit(uint256 amount) public {
if (loveToken.balanceOf(address(stakingVault)) == 0)
revert Staking__NoMoreRewards();
// No require needed because of overflow protection
userStakes[msg.sender] += amount;
loveToken.transferFrom(msg.sender, address(this), amount);
emit Deposited(msg.sender, amount);
}

Impact

The lack of a check in the deposit function to prevent over-staking when the stakingVault balance is insufficient could result in users not receiving their expected rewards.

Tools Used

Manual review.

Recommendations

Implement additional checks or mechanisms in the deposit function to ensure that the stakingVault has enough tokens to cover the rewards for all staked tokens.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.