Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Inconsistent Vault Count Check in checkUpkeep and performUpkeep Functions

Summary

The checkUpkeep and performUpkeep functions in the CommunityVCS contract have inconsistent conditions for determining whether new vaults should be deployed. This inconsistency can cause the system to fail to deploy new vaults when needed, affecting the functionality of the vault management strategy.

Vulnerability Details

The functions checkUpkeep and performUpkeep are responsible for checking if the conditions are met to deploy a new batch of vaults and performing the deployment, respectively.

Issue in checkUpkeep:
The function checks if the number of non-full vaults is below the deployment threshold:

    return (
        (vaults.length - globalVaultState.depositIndex) < vaultDeploymentThreshold,
        bytes("")
    );

This condition returns true when the number of non-full vaults is less than the vaultDeploymentThreshold, indicating that a new batch of vaults should be deployed.

Issue in performUpkeep:
The function checks if the number of non-full vaults is greater than or equal to the deployment threshold:

    if ((vaults.length - globalVaultState.depositIndex) >= vaultDeploymentThreshold)
        revert VaultsAboveThreshold();

If this condition is met, the function reverts, preventing the deployment of new vaults.

The logic in performUpkeep contradicts the intended condition in checkUpkeep, leading to a situation where even when checkUpkeep indicates that new vaults should be deployed, performUpkeep might revert the transaction, thus failing to deploy the new vaults.

Impact

The inconsistency between the checkUpkeep and performUpkeep functions can cause the vault management strategy to malfunction:

  • New vaults may not be deployed even when they are required, leading to potential operational issues in managing staking deposits and rewards.

  • The system's ability to scale and accommodate new deposits could be significantly affected, potentially causing missed opportunities for staking or rewards.

  • The intended automatic upkeep mechanism may fail, requiring manual intervention to deploy vaults.

Tools Used

Manual code review

Recommendations

Align the conditions in checkUpkeep and performUpkeep to ensure consistent logic. For example:
Update the condition in performUpkeep to match the logic in checkUpkeep:

    if ((vaults.length - globalVaultState.depositIndex) < vaultDeploymentThreshold)
        revert VaultsAboveThreshold();

This change will make sure that both functions correctly determine when new vaults should be deployed.

Add unit tests to cover the deployment logic, ensuring that both functions work together to trigger vault deployment as expected.

Updates

Lead Judging Commences

inallhonesty Lead Judge
8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
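
The two conditions quoted in the submission can be compared exhaustively over small states, which is the kind of unit test the Recommendations section asks for. The JavaScript model below is an added example, not code from the submission or from the Stakelink repository; the state object, the function names and the assumption that depositIndex never exceeds vaults.length are illustrative.

```javascript
// Added model: only the two quoted conditions are reproduced here.
// Assumption: depositIndex <= vaults.length, so the subtraction never underflows.
function nonFullVaults(s) {
  return s.vaultCount - s.depositIndex;
}

// checkUpkeep condition as quoted: upkeep is needed below the threshold.
function checkUpkeep(s) {
  return nonFullVaults(s) < s.vaultDeploymentThreshold;
}

// performUpkeep guard as quoted: revert at or above the threshold.
function performUpkeepReverts(s) {
  return nonFullVaults(s) >= s.vaultDeploymentThreshold;
}

// Guard as rewritten in the submission's Recommendations section.
function recommendedGuardReverts(s) {
  return nonFullVaults(s) < s.vaultDeploymentThreshold;
}

// Sweep every state up to `limit` and collect the ones where checkUpkeep's
// answer and the guard's behaviour disagree: upkeep signalled but the call
// reverts, or upkeep not signalled but the call would go through.
function findDisagreements(guardReverts, limit = 12) {
  const bad = [];
  for (let vaultCount = 0; vaultCount <= limit; vaultCount++) {
    for (let depositIndex = 0; depositIndex <= vaultCount; depositIndex++) {
      for (let t = 0; t <= limit; t++) {
        const s = { vaultCount, depositIndex, vaultDeploymentThreshold: t };
        const upkeepNeeded = checkUpkeep(s);
        const executes = !guardReverts(s);
        if (upkeepNeeded !== executes) bad.push(s);
      }
    }
  }
  return bad;
}

// Number of states the sweep visits: (vaultCount + 1) index values per count,
// times (limit + 1) threshold values.
function totalStates(limit = 12) {
  return ((limit + 1) * (limit + 2) / 2) * (limit + 1);
}

console.log("quoted guard disagreements:", findDisagreements(performUpkeepReverts).length);
console.log("recommended guard disagreements:", findDisagreements(recommendedGuardReverts).length,
            "of", totalStates());
```

With the guard as quoted, performUpkeep reverts exactly when checkUpkeep returns false; with the guard from the Recommendations section, it reverts in every state where checkUpkeep returns true.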
