The Steaking::stake() function incorrectly updates the Steaking::usersToStakes mapping, causing users to unstake, or deposit into the vault, less than the funds they actually staked.
The Steaking::stake() function allows users to deposit ETH and is responsible for updating the Steaking::usersToStakes mapping. Currently the mapping is updated by setting the entry for the _onBehalfOf user to msg.value in the function:
Because the value is assigned rather than accumulated, each future stake overwrites the previous stake instead of adding to what was previously staked. Imagine a scenario where Alice calls Steaking::stake() to deposit 1 ether on behalf of herself. The function will set Steaking::usersToStakes[_onBehalfOf] to 1000000000000000000. At a later point, Alice decides to stake another 1 ether and calls Steaking::stake() again. At this point, Steaking::usersToStakes[_onBehalfOf] will again be set to 1000000000000000000, even though the contract now holds 2 ether of her funds.
Let's then say Alice decides to call Steaking::unstake(), passing in 2 ether as the amount. Since Steaking::usersToStakes[_onBehalfOf] represents only 1 ether, Alice will be met with Steaking::STEAK__INSUFFICIENT_STAKE_AMOUNT.
Let's instead say Alice does not unstake, waits until the staking period is over, and deposits into the vault by calling Steaking::depositIntoVault(). Since Steaking::usersToStakes[_onBehalfOf] for Alice represents only 1 ether, only 1 ether will be deposited into the vault, leaving the remaining 1 ether stuck in the Steaking contract.
Prevents users from unstaking the total ETH they have staked.
Prevents users from depositing the full amount of ETH they have staked into the vault.
Results in ETH being stuck in the Steaking contract.
Foundry, VS Code
Consider adding to the existing value of Steaking::usersToStakes[_onBehalfOf] by using += rather than =, so that subsequent stakes by the same user are tracked:
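As an added illustration (not the contest's own code), the following constructed Foundry test reproduces Alice's two 1-ether stakes against a minimal stand-in contract under both the current `=` assignment and the recommended `+=`. The SteakingDemo contract, its unstake() body and the accumulate switch are assumptions made only for this demo.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for Steaking: models only the accounting this finding
// concerns. The unstake() body and the `accumulate` switch are assumptions.
contract SteakingDemo {
    error STEAK__INSUFFICIENT_STAKE_AMOUNT();
    mapping(address => uint256) public usersToStakes;
    bool private immutable accumulate;

    constructor(bool _accumulate) { accumulate = _accumulate; }

    function stake(address _onBehalfOf) external payable {
        if (accumulate) {
            usersToStakes[_onBehalfOf] += msg.value; // recommended fix
        } else {
            usersToStakes[_onBehalfOf] = msg.value;  // current (buggy) behaviour
        }
    }

    function unstake(uint256 _amount) external {
        if (usersToStakes[msg.sender] < _amount) revert STEAK__INSUFFICIENT_STAKE_AMOUNT();
        usersToStakes[msg.sender] -= _amount;
        (bool ok, ) = msg.sender.call{value: _amount}("");
        require(ok, "transfer failed");
    }
}

contract StakeAccountingTest is Test {
    address alice = makeAddr("alice");

    // Alice stakes 1 ether twice on her own behalf, as in the scenario above.
    function _stakeTwice(SteakingDemo s) internal {
        vm.deal(alice, 2 ether);
        vm.startPrank(alice);
        s.stake{value: 1 ether}(alice);
        s.stake{value: 1 ether}(alice);
    }

    function test_assignmentLosesSecondStake() public {
        SteakingDemo s = new SteakingDemo(false);
        _stakeTwice(s);
        assertEq(address(s).balance, 2 ether);     // contract holds 2 ether
        assertEq(s.usersToStakes(alice), 1 ether); // but credits Alice only 1
        vm.expectRevert(SteakingDemo.STEAK__INSUFFICIENT_STAKE_AMOUNT.selector);
        s.unstake(2 ether);                        // 1 ether stays stranded
    }

    function test_additionTracksBothStakes() public {
        SteakingDemo s = new SteakingDemo(true);
        _stakeTwice(s);
        assertEq(s.usersToStakes(alice), 2 ether);
        s.unstake(2 ether);                        // full balance recoverable
        assertEq(alice.balance, 2 ether);
    }
}
```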