WITHDRAWAL RESTRICTION LEADS TO USER FUND LOCKUP
Summary
The Steaking contract has a flaw that prevents users from retrieving their staked ETH after the staking period concludes, which deviates from the intended protocol design of enabling withdrawals or conversion to WETH for vault deposits
Vulnerability Details
The unstake function restricts users from reclaiming their ETH after the staking duration is over, effectively locking their funds and compelling them to convert to WETH for vault deposits. This limitation negatively impacts the user experience and diminishes operational flexibility.
Impact
Users are unable to withdraw their staked ETH after the staking term unless they opt for conversion to WETH and subsequent vault deposit. This could discourage participation and hinder the protocol's objectives for liquidity enhancement.
Tools Used
Manual Code Inspection
Recommendations
Revise the unstake function to grant users the ability to withdraw their ETH post-staking period, offering a choice between withdrawal or deposit into the WETH vault.
Lead Judging Commences
In case of a delay or failure to deploy the vault, user's funds are stuck inside the Steaking ctr
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.