Liquid Staking

Summary

In the case that staking pool transfers the lst directly to an account, this will lead to the account losing its fair shares and also wrong calculations related to totalShares affecting the whole shares and rewards calculations.

Vulnerability Details

In PriorityPool.sol: _deposit() internal function,

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L601C5-L647C6

If totalQueued = 0 and there were queuedWithdrawals in the WithdrawalPool . Some/all of the deposited amount will be directed to fulfill the waiting `queuedWithdrawals'.
After that,The withdrawal pool will send the amount it took back to the p.p. and the staking pool will send this amount to the original account.

IERC20Upgradeable(address(stakingPool)).safeTransfer(_account, toDepositIntoQueue);

The problem is that this is not minting therefore, no shares will be assigned to the account.

Impact

This will cause two issues:

1- The account will lose its shares, thus no rewards will be assigned for his account.

2- The totalShares will not increase as it should causing the calculations involving this variable to lead to wrong outcomes.

Tools Used

Manual review

Recommendations

After transferring lst from staking pool add the following lines