Incorrect Staking Amount Update (Root Cause: Overwriting Existing Stake)
Description
The stake() function in the provided code overwrites the existing staked amount for a user in the usersToStakes mapping. This can lead to loss of previously staked funds and incorrect tracking of the total amount staked.
Impact
When a user stakes additional funds, the function replaces the existing staked amount with the new amount, effectively erasing any previous stake. This can result in incorrect accounting of the total staked amount and loss of user's previously staked funds.
Proof of concept
User A stakes 10 ETH.
User A stakes another 5 ETH.
The
usersToStakes[User A]will now be 5 ETH, not 15 ETH, and thetotalAmountStakedwill be incorrect.
Recommended Mitigation:
Update the stake() function to add the new stake amount to the existing staked amount, rather than overwriting it. This can be done by modifying the line:
to :
This will preserve the existing staked amount and correctly update the total amount staked.
Tools Used
Manual review, vscode
Lead Judging Commences
Steaking::stake overwrites the msg.value into storage
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.