Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

withdrawPool:queueWithdrawal() can be DoS

ChatGpt

Summary

withdrawPool:queueWithdrawal() can be DoS

Vulnerability Details

withdrawPool:queueWithdrawal() has a check that ensures that the _amount is more than minWithdrawalAmount. This check will revert the transaction more than often because _amount is calculated by withdraw() of priorityPool, ie its not in user's hand.

function queueWithdrawal(address _account, uint256 _amount) external onlyPriorityPool {
-> if (_amount < minWithdrawalAmount) revert AmountTooSmall();
///
}
function _withdraw(
address _account,
uint256 _amount,
bool _shouldQueueWithdrawal
) internal returns (uint256) {
if (poolStatus == PoolStatus.CLOSED) revert WithdrawalsDisabled();
uint256 toWithdraw = _amount;
if (totalQueued != 0) {
uint256 toWithdrawFromQueue = toWithdraw <= totalQueued ? toWithdraw : totalQueued;
totalQueued -= toWithdrawFromQueue;
depositsSinceLastUpdate += toWithdrawFromQueue;
sharesSinceLastUpdate += stakingPool.getSharesByStake(toWithdrawFromQueue);
-> toWithdraw -= toWithdrawFromQueue;
}
if (toWithdraw != 0) {
if (!_shouldQueueWithdrawal) revert InsufficientLiquidity();
-> withdrawalPool.queueWithdrawal(_account, toWithdraw);
}
emit Withdraw(_account, _amount - toWithdraw);
return toWithdraw;
}

Above mention check will revert the transaction even though user passes the correct value in withdraw() of priorityPool

Impact

withdrawPool:queueWithdrawal() can be DoS. As result, users will not be able to queue their withdrawals

Tools Used

VS code

Recommendations

Don't revert the transaction, instead return

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

A withdrawal of totalQueued + x with x < minWithdrawal amount will revert

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.