Staking Amount Overwriting
Summary
The stake function in the Steaking contract replaces the existing staked amount for a user with the new stake value, rather than incrementing it.
Vulnerability Details
The current implementation of the stake function overwrites the staked amount for the _onBehalfOf address with the new amount:
Instead of adding the new stake to the existing amount, this assignment completely replaces the previous balance with msg.value. As a result, if a user stakes multiple times, their earlier stakes are lost and replaced with the most recent amount.
Impact
This behavior prevents users from incrementally increasing their staked balance. Instead of aggregating stakes, each new stake replaces the previous one, leading to inaccurate tracking of the total staked amount. This can cause incorrect points calculations and potential issues with rewards distribution or staking history.
Tools Used
Manual Code Review
Recommendations
Update the stake function to increment the existing stake rather than replacing it, ensuring that users can increase their stake progressively.
Lead Judging Commences
Steaking::stake overwrites the msg.value into storage
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.