First Flight #22: Steaking

First Flight #22

Beginner FriendlyFoundryDeFi

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

User CANNOT Unstake her staked ETH after staking period has ended

cryptedoji

Summary

If the Staking_period had already ended, a user changes her mind and decides NOT to deposit her already staked ETH into the vault, It becomes impossible for her to unstake and claim her ETH

Vulnerability Details

Since the protocol design and logic only allows a user to unstake only within the stake_period, user funds get stuck with the protocol if she did not unstake before that period of 4 weeks elapse

PoC

here is a foundry test for the vulnerability

function testUnstakingFailsAfterStakingPeriodAndUserWantsOut() public {

uint256 dealAmount = 1 ether;

_stake(user1, dealAmount, user1);

_endStakingPeriod();

uint256 stakedAmout = steaking.usersToStakes(user1);

vm.expectRevert(bytes(STEAK__STAKING_PERIOD_ENDED));

_unstake(user1, stakedAmout, user1);

}

Impact

users are forced against their will to deposit into the vault else the funds get stucked in the protocol
poor UX and centralization issue as users will be forced to deposit their staked ETH before they can claim them

Tools Used

manual review
foundry test

Recommendations

as far as users have not deposited their staked ETH into the vault, Steak::unstake should allow them to unstake their ETH any time they want

@external

def unstake(_amount: uint256, _to: address):

"""

@notice Allows users to unstake their staked ETH before the staking period ends. Users

can adjust their staking amounts to their liking.

@param _amount The amount of staked ETH to withdraw.

@param _to The address to send the withdrawn ETH to.

"""

- assert not self._hasStakingPeriodEnded(), STEAK__STAKING_PERIOD_ENDED

assert _to != ADDRESS_ZERO, STEAK__ADDRESS_ZERO

stakedAmount: uint256 = self.usersToStakes[msg.sender]

assert stakedAmount > 0 and _amount > 0, STEAK__AMOUNT_ZERO

assert _amount <= stakedAmount, STEAK__INSUFFICIENT_STAKE_AMOUNT

self.usersToStakes[msg.sender] -= _amount

self.totalAmountStaked -= _amount

send(_to, _amount)

log Unstaked(msg.sender, _amount, _to)

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

In case of a delay or failure to deploy the vault, user's funds are stuck inside the Steaking ctr

Appeal created

cryptedoji Submitter

10 months ago

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

In case of a delay or failure to deploy the vault, user's funds are stuck inside the Steaking ctr

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.