The `stake()` function does not increase user staked amount if user has staked before
Summary
The stake() function does not increase user staked amount if user has staked before.
This will cause lost of fund for user and lost off shares they received.
Vulnerability Details
When user deposits fund into the contract, the stake() function will set the user's deposited amount to the last amount they deposited.
user stakes 1 ETH -> balance: 1 ETH
user stakes an other 0.5 ETH -> balance: 0.5 ETH, but expecting balance is: 1.5 ETH
user now decides to unstakes all their stakes (1.5 ETH), but because the recorded user's balance is 0.5 ETH, they can only withdraw/get back upto 0.5 ETH, making their 1 ETH stuck forever
if they deposits into vault, they will only get shares by their recorded balance, mean 0.5 ETH, but expecting they get shares equivalent to their deposited amount (1.5 ETH)
Impact
Since the user's staked amount get overwritten, user can't withdraw their full deposited amount.
The fund then will be stuck on the contract forever.
Also because their staked balance will affect their received shares, so they will not get the full amount of shares as their expectation.
Tools Used
Manual review
Recommendations
Increase usersToStakes up on user stakes:
Lead Judging Commences
Steaking::stake overwrites the msg.value into storage
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.