Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: high
Invalid

`_transfer` function is wrongly implemented to transfer `shares` instead of `LST`

Summary

The `StakingRewardsPool::_transfer` function is wrongly implemented to transfer shares instead of LST, breaking the entire protocol.

Vulnerability Details

`StakingRewardsPool::_transfer` function implementation:

```solidity
/**
 * @notice Transfers an LST balance from one account to another
 * @param _sender account to transfer from
 * @param _recipient account to transfer to
 * @param _amount amount to transfer
 */
function _transfer(address _sender, address _recipient, uint256 _amount) internal override {
    uint256 sharesToTransfer = getSharesByStake(_amount);
    require(_sender != address(0), "Transfer from the zero address");
    require(_recipient != address(0), "Transfer to the zero address");
    require(shares[_sender] >= sharesToTransfer, "Transfer amount exceeds balance");
    shares[_sender] -= sharesToTransfer;
    shares[_recipient] += sharesToTransfer;
    emit Transfer(_sender, _recipient, _amount);
}
```

The docs say that it is supposed to transfer an LST balance, but the implementation transfers shares instead of LST. This `_transfer` function overrides the `_transfer` function of ERC20, which actually handles transferring the LST.

Impact

Whenever there is a transfer of LST, it will transfer shares instead of LST, breaking the entire protocol.

Tools Used

Manual Review

Recommendations

Implement the correct logic to transfer LST instead of shares.
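A reviewer can check what balance the quoted `_transfer` body actually moves with a small model. The following is an added example, not part of the submission and not stake.link code; it assumes (neither formula is shown on this page) that `getSharesByStake` is `amount * totalShares / totalStaked` and that a balance is `shares * totalStaked / totalShares`, with the class, method and account names being hypothetical.

```python
# Added model, not stake.link code. Assumed (not shown on the page):
#   getSharesByStake(a) = a * totalShares / totalStaked   (integer division)
#   balanceOf(acct)     = shares[acct] * totalStaked / totalShares

class SharePool:
    def __init__(self):
        self.total_staked = 0   # LST backing all shares; grows with rewards
        self.total_shares = 0
        self.shares = {}

    def get_shares_by_stake(self, amount):
        if self.total_staked == 0:
            return amount       # first deposit mints 1:1 (assumption)
        return amount * self.total_shares // self.total_staked

    def balance_of(self, account):
        if self.total_shares == 0:
            return 0
        return self.shares.get(account, 0) * self.total_staked // self.total_shares

    def deposit(self, account, amount):
        minted = self.get_shares_by_stake(amount)
        self.shares[account] = self.shares.get(account, 0) + minted
        self.total_shares += minted
        self.total_staked += amount

    def add_rewards(self, amount):
        # Rebase: the staked total grows, share counts stay the same.
        self.total_staked += amount

    def transfer(self, sender, recipient, amount):
        # Same steps as the _transfer body quoted in the submission.
        shares_to_transfer = self.get_shares_by_stake(amount)
        if self.shares.get(sender, 0) < shares_to_transfer:
            raise ValueError("Transfer amount exceeds balance")
        self.shares[sender] -= shares_to_transfer
        self.shares[recipient] = self.shares.get(recipient, 0) + shares_to_transfer
        return shares_to_transfer


def demo(amount):
    pool = SharePool()
    pool.deposit("alice", 1_000)   # constructed sample values
    pool.deposit("bob", 500)
    pool.add_rewards(300)          # 1,500 shares now back 1,800 LST
    before = (pool.balance_of("alice"), pool.balance_of("bob"))
    moved = pool.transfer("alice", "bob", amount)
    after = (pool.balance_of("alice"), pool.balance_of("bob"))
    return before, moved, after
```

In this model `demo(120)` moves 100 shares and shifts both balances by exactly 120, while `demo(121)` also moves 100 shares because the share count is rounded down, so the balances shift by 120 rather than 121.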

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
