Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Priority pool should approve staking pool to enable deposit

kongdu

Summary

Deposit into Priority Pool calls deposit function of the staking pool which transfers asset token from priority pool to staking pool. This requires approve operation on priority pool but there is no approve operation.

Vulnerability Details

In PriorityPool, deposit is done by calling _deposit function.

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L257

_deposit function calls stakingPool.deposit function.

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L626

The StakingPool's deposit function calls transfer asset token using safeTransferFrom function to transfer token from priority pool to staking pool

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/StakingPool.sol#L121

Above operation requires approving the staking pool on priority pool. However there is no operation to approve staking pool on priority pool

Impact

Depositing into PriorityPool will not work

Tools Used

Mannual

Recommendations

Approve the StakingPool on PriorityPool.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.