First Flight #22: Steaking

First Flight #22

Beginner FriendlyFoundryDeFi

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Users can withdraw their deposited ETH from the vault at anytime

cryptedoji

Summary

Since there's no function or logic in the Steaking contract to lock the deposited funds for sometime, users can withdraw their deposits almost immediately without waiting. with this vulnerability, there may be no liquidity for the protocol.

Vulnerability Details

according to the docs, Steak wants to bootstrap liquidity for its ERC4626 WETH vault and reward early adopters. However, if all stakers withdraw their ETH immediately after they deposited, then the proptocol will end up with no liquidity and thus the main goal is defeated

PoC

function testDepositIntoVaultAndWithdrawsInstantly() public {

_startVaultDepositPhase(user1, 1 ether, user1);

vm.startPrank(user1);

steaking.depositIntoVault();

uint256 vaultBalancebeforeWithdraw = weth.balanceOf(address(wethSteakVault));

wethSteakVault.withdraw(1 ether, address(user1), address(user1));

uint256 vaultBalanceAfterWithdraw = weth.balanceOf(address(wethSteakVault));

vm.stopPrank();

uint256 userBalanceAfterWithdraw = weth.balanceOf(user1);

assert(vaultBalancebeforeWithdraw == 1 ether && vaultBalanceAfterWithdraw == 0);

assert(userBalanceAfterWithdraw == 1 ether);

}

Impact

no liquidity for the protocol

Tools Used

manual review
foundry test
reviewing of ERC4626

Recommendations

Write a special contract for the WethVault contract, and in this vault contract, write withdraw and redeem functions to override the ERC4626::withdraw and ERC4626::redeeem functions respectively. in the vault contract set the duration for which the deposited ETHshould be locked in the vault and the withdrawand redeem functions should always check if lock period is over

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Appeal created

cryptedoji Submitter

10 months ago

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.