Protocol Won't Support Some Wrapped Native Tokens Due to 1-2 Wei Corner Case
Summary
The protocol may face issues with some wrapped native tokens due to a corner case involving integer division, which can result in minor discrepancies during transfers. This can prevent users from successfully depositing stETH.
Vulnerability Detail
The stETH balance calculation includes integer division, and there is a common scenario where the entire stETH balance cannot be transferred from the account, leaving the last 1-2 wei on the sender's account. As the stETH/share rate increases in the future, this error will become more significant. In the tillIn function, the following check is performed:
In this case, msg.value will be less than _amount, causing the withdrawal to revert. This issue is documented in the Lido DAO Issues.
https://github.com/lidofinance/lido-dao/issues/442
Proof of Code
User A transfers an amount of 20 stETH.
Under the hood, the stETH balance gets converted to shares, and integer division occurs, leading to rounding down.
In many cases, the actual amount transferred may be 1-2 wei less than expected.
Impact
Users will be unable to deposit stETH.
Tool Used
Manual Review
Recommendation
When directly integrating stETH and performing a transfer, include a balance check to verify how much stETH is in the contract before transferring.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.