Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Inadequate Pausing Mechanism in PriorityPool.sol Allowing Deposits During Paused State

0xsurena

Summary

A vulnerability has been identified in the PriorityPool.sol contract where the pausing mechanism is not enforced correctly across all deposit-related operations. Specifically, the function _requireNotPaused is only applied to the queuing of deposits, but not to direct deposit operations. This oversight allows users to bypass the pause functionality and continue making deposits when the contract is paused, posing a risk during emergency or maintenance scenarios.

Vulnerability Details

In the PriorityPool.sol contract, the pausing mechanism is intended to prevent certain critical operations (such as deposits) when the contract is in a paused state. However, the current implementation only checks for the paused state in certain scenarios—specifically, when a user attempts to queue their deposit. If the user chooses not to queue their deposit, the contract does not verify whether it is paused or not, and the deposit is processed regardless of the pause status.

This issue arises because the _requireNotPaused function is only applied inside a conditional block that checks whether the user intends to queue their deposit (_shouldQueue). As a result, users can still directly deposit tokens into the pool when the contract is paused, bypassing the intended safeguards.

Affected Code in PriorityPool.sol:

if (toDeposit != 0) {

if (_shouldQueue) {

_requireNotPaused(); // Only applied to queued deposits

if (accountIndexes[_account] == 0) {

accounts.push(_account);

accountIndexes[_account] = accounts.length - 1;

}

accountQueuedTokens[_account] += toDeposit;

totalQueued += toDeposit;

} else {

token.safeTransfer(_account, toDeposit); // Direct deposit without checking pause state

}

In the above code, the _requireNotPaused() function is only called when the user chooses to queue their deposit (_shouldQueue == true). However, if the user opts for a direct deposit (_shouldQueue == false), no such check is performed, and the deposit is processed without verifying the paused state of the contract.

Impact

This vulnerability allows users to continue depositing tokens into the pool even when the contract is paused.

Tools Used

Manually

Recommendations

To address this vulnerability and ensure that no deposits are processed when the contract is paused, the _requireNotPaused() check should be applied to all deposit paths, not just when the user opts to queue their deposit. This can be done by enforcing the pause check at the beginning of the _deposit function, regardless of the user’s choice to queue or not.

function _deposit(

address _account,

uint256 _amount,

bool _shouldQueue,

bytes[] memory _data

) internal {

_requireNotPaused(); // Ensure no deposits can be processed during paused state

....

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.