Liquid Staking

Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Submission Details
Severity: low
Invalid

The parameter totalShares in StakingRewardsPool is not initialized

Summary

In the contract StakingRewardsPool the parameter totalShares is not initialized.

Vulnerability Details

Only one point for initialization is in _mintShares function.

function _mintShares(address _recipient, uint256 _amount) internal {
require(_recipient != address(0), "Mint to the zero address");
if (totalShares == 0) {
shares[address(0)] = DEAD_SHARES;
totalShares = DEAD_SHARES;
_amount -= DEAD_SHARES;
}
totalShares += _amount;
shares[_recipient] += _amount;
}

Impact

Checking if (totalShares == 0) each time a function is invoked can be gas-consuming.

And please check _burn function. Here, totalShares -= sharesToBurn can result in a value overflow and revert.

/**
* @notice Burns shares belonging to an account
* @dev takes an LST amount and calculates the amount of shares it corresponds to
* @param _account account to burn shares for
* @param _amount LST amount
*/
function _burn(address _account, uint256 _amount) internal override {
uint256 sharesToBurn = getSharesByStake(_amount);
require(_account != address(0), "Burn from the zero address");
require(shares[_account] >= sharesToBurn, "Burn amount exceeds balance");
totalShares -= sharesToBurn;
shares[_account] -= sharesToBurn;
emit Transfer(_account, address(0), _amount);
}

Tools Used

forge

Recommendations

Please set a default value for totalShares to avoid checking its value each time.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.