Submission Details
Severity: high
Invalid

[H-2] `Staking.sol::deposit` function will allow users to deposit even if the contract doesn't have enough balance to pay out rewards.

Description: The contract doesn't check to make sure that it has enough balance to pay out the rewards before allowing users to deposit their tokens. This ties somehow to the first reported bug [H-1].

Impact: The contract allows a user to deposit tokens as long as the balance of stakingVault is not 0. This means that if the vault has 1000 tokens left, and a user deposits 1001, then this user will not be able to use the claimRewards function, as this will revert, making the staking feature worthless.

Proof of concept: Add this function to the existing StakingTest.t.sol file.

function deposit(uint256 amount) public {
- if (loveToken.balanceOf(address(stakingVault)) == 0) revert Staking__NoMoreRewards();
+ if (loveToken.balanceOf(address(stakingVault)) < amount) revert Staking__AmountExceedsRewards();
// No require needed because of overflow protection
userStakes[msg.sender] += amount;
loveToken.transferFrom(msg.sender, address(this), amount);
emit Deposited(msg.sender, amount);
}
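
Review bot: The new guard on the `+` line compares the vault balance only against the `amount` of this single call, so several deposits that each pass the check can still accumulate, through `userStakes[msg.sender] += amount`, to more than the vault holds. Compare against a running total of stakes, or against whatever the contract actually owes in rewards (the reward calculation is not visible here), rather than the one deposit. `Staking__AmountExceedsRewards` is not declared in the visible lines and needs an error definition next to `Staking__NoMoreRewards`. In the unchanged context, the return value of `loveToken.transferFrom` is ignored, so a token that returns false instead of reverting would credit a stake that was never transferred. The text introduces this as a function to add to StakingTest.t.sol, but the hunk changes `deposit` itself and contains no test that reproduces the revert in `claimRewards`.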

Recommended mitigation: To prevent this issue, the Staking.sol::deposit function should check to make sure that at the time of depositing, it has enough rewards to repay the amount. Also, I recommend implementing a mechanism for auto-replenishing once in a while so that the balance of the staking contract never runs out of funds to send out rewards.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
