Incorrect Calculation of Total Deposit Room in Vault Groups
Summary
The deposit function in the CommunityVCS contract contains a logic flaw that incorrectly calculates the total deposit room for vault groups when the vault deposit limit changes. This issue arises when there are ungrouped vaults, leading to an inflated calculation of the total deposit room.
Vulnerability Details
In the deposit function, when the vault deposit limit (maxDeposits) is increased, the code attempts to adjust the totalDepositRoom for each vault group. The calculation involves dividing the total number of vaults by the number of vault groups to determine the number of vaults per group. If there are ungrouped vaults, the remainder is used to increment the number of vaults in some groups by one. This results in an inflated numVaults value, which is then used to calculate the increase in totalDepositRoom for each group.
The problematic code snippet is:
https://github.com/Cyfrin/2024-09-stakelink/blob/main/contracts/linkStaking/CommunityVCS.sol#L99
This logic incorrectly increases the number of vaults in a group, leading to an overestimation of the totalDepositRoom.
Impact
The incorrect calculation of totalDepositRoom can lead to several issues:
-
Overestimation of Deposit Capacity: The strategy may believe it has more capacity to accept deposits than it actually does, potentially leading to failed deposits or mismanagement of funds.
-
Increased Risk of reverts: As there's limit on how much a vault can stake , inflated depositroom may cause unexpected reverts in certain transactions .
Tools Used
Manual code review
-cursor
Recommendations
Correct the Calculation Logic: Ensure that the
numVaultscalculation accurately reflects the actual number of vaults in each group without inflating due to ungrouped vaults.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.