Submission Details
Severity: medium
Valid

Potential for slippage in depositIntoVault() function

Summary

The depositIntoVault function does not include slippage protection during the deposit process, which can lead to discrepancies between the expected and actual deposited amounts.

Vulnerability Details

The function directly deposits the staked ETH into the WETH Steak vault without considering potential slippage. This means the actual amount of WETH received might differ from what was initially expected, resulting in discrepancies in the amount of shares issued to the user.

Impact

The lack of slippage protection opens the door to potential front-running attacks or sandwich attacks. Malicious actors could exploit this vulnerability to manipulate the deposit process, causing users to receive fewer shares than expected or potentially disrupting the overall fairness of the deposit mechanism.

Tools Used

Manual Review

Recommendations

Consider adding slippage protection mechanisms, or validating the deposit amount against the actual amount received, to ensure consistency and fairness in the shares issued.
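
One way to implement the recommended check, shown as an added example and not the audited project's code. The contract name `GuardedVaultDeposit`, the function `depositWithMinShares` and the parameter `minSharesOut` are hypothetical; the vault is assumed to be a standard ERC-4626 vault whose asset returns `bool` from `transferFrom` and `approve`, as WETH does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces declared inline so the example is self-contained.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IERC4626 {
    function asset() external view returns (address);
    function deposit(uint256 assets, address receiver) external returns (uint256 shares);
}

/// Hypothetical wrapper: deposits into an ERC-4626 vault and reverts when the
/// vault mints fewer shares than the caller agreed to accept.
contract GuardedVaultDeposit {
    error InsufficientShares(uint256 minted, uint256 minimum);
    error TransferFailed();

    IERC4626 public immutable vault;
    IERC20 public immutable asset;

    constructor(IERC4626 vault_) {
        vault = vault_;
        asset = IERC20(vault_.asset());
    }

    /// @param assets       amount of the vault asset (e.g. WETH) pulled from the caller
    /// @param minSharesOut lowest share amount the caller accepts. Quote it off-chain
    ///                     (previewDeposit minus a tolerance) before sending the
    ///                     transaction; computing it inside this call would read the
    ///                     already-moved share price and protect nothing.
    /// @param receiver     address that receives the vault shares
    function depositWithMinShares(uint256 assets, uint256 minSharesOut, address receiver)
        external
        returns (uint256 shares)
    {
        if (!asset.transferFrom(msg.sender, address(this), assets)) revert TransferFailed();
        if (!asset.approve(address(vault), assets)) revert TransferFailed();

        // ERC-4626 deposit() returns the shares actually minted to `receiver`.
        shares = vault.deposit(assets, receiver);

        // Slippage check: a revert here undoes the transfer and the deposit.
        if (shares < minSharesOut) revert InsufficientShares(shares, minSharesOut);
    }
}
```

A Foundry test for this guard would change the vault's share price between the off-chain quote and the deposit call, then assert that the call reverts with `InsufficientShares`.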

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of slippage check while depositing into ERC4626 WETH vault
