Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

StakingPool does not use IStakingPool to set minimum contract requirements

Summary

StakingPool does not use IStakingPool to set minimum requirements for the contract.

Vulnerability Details

Since StakingPool does not inherit the list of function definitions from IStakingPool, there are two separate interfaces for the StakingPool contract. One is "StakingPool.sol" itself and the other is "IStakingPool.sol". This may cause the following problems:

  • whenever one of the interfaces is changed, the other one has to be changed by hand as well

  • any error or discrepancy between interfaces may disrupt interaction with the deployed StakingPool contract

Impact

The PriorityPool contract uses IStakingPool to interact with StakingPool. Any difference between these two interfaces can cause communication problems between the contracts. The following discrepancies are known:

  • StakingPool: function getMaxDeposits() public view returns (uint256) vs IStakingPool: function getMaxDeposits() external view returns (uint256)

  • StakingPool: function removeStrategy(uint256 _index, bytes memory _strategyUpdateData, bytes calldata _strategyWithdrawalData) external vs IStakingPool: function removeStrategy(uint256 _index) external

  • StakingPool: function setPoolIndex does not exist vs IStakingPool: function setPoolIndex(uint16 _poolIndex) external

  • StakingPool: function token() is in the StakingRewardsPool contract vs IStakingPool: function token() external view returns (address)

  • StakingPool: poolIndex is a private variable (deprecated) vs IStakingPool: function poolIndex() external view returns (uint16)

Tools Used

Manual review.

Recommendations

Leaving it this way will only make the problem worse in the future. Declare StakingPool as inheriting from IStakingPool (StakingPool is IStakingPool) and correct any discrepancies according to the list above.
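
A drift check of the kind the recommendation implies, written here as an added example (not code from the submission or from the Stakelink repository). It compares canonical signatures, i.e. function name plus parameter types, which is what a caller going through IStakingPool depends on. The source strings are constructed from the discrepancy list above, and the helper names canonicalSignatures and interfaceDrift are hypothetical.

```javascript
// Constructed sample input: only the signatures quoted in the submission,
// not the full source of IStakingPool.sol or StakingPool.sol.
const INTERFACE_SRC = `
  function getMaxDeposits() external view returns (uint256);
  function removeStrategy(uint256 _index) external;
  function setPoolIndex(uint16 _poolIndex) external;
  function token() external view returns (address);
  function poolIndex() external view returns (uint16);
`;
const CONTRACT_SRC = `
  function getMaxDeposits() public view returns (uint256) {}
  function removeStrategy(uint256 _index,bytes memory _strategyUpdateData,bytes calldata _strategyWithdrawalData) external {}
`;
// Per the submission, token() is provided by the parent StakingRewardsPool.
const INHERITED = ["token()"];

// Reduce each "function name(params)" declaration to name(type,type,...).
// Visibility, mutability, data location and parameter names are dropped,
// so public vs external does not count as a difference here.
// Limitation: tuple/function-typed parameters and public state-variable
// getters are not handled by this simple pattern.
function canonicalSignatures(src) {
  const sigs = new Set();
  for (const m of src.matchAll(/function\s+(\w+)\s*\(([^)]*)\)/g)) {
    const types = m[2]
      .split(",")
      .map((p) => p.trim())
      .filter(Boolean)
      .map((p) => p.split(/\s+/)[0]); // first token of a parameter is its type
    sigs.add(`${m[1]}(${types.join(",")})`);
  }
  return sigs;
}

// Report interface functions the implementation cannot answer, and
// implementation functions the interface does not expose.
function interfaceDrift(ifaceSrc, implSrc, inherited = []) {
  const iface = canonicalSignatures(ifaceSrc);
  const impl = canonicalSignatures(implSrc);
  for (const s of inherited) impl.add(s);
  return {
    missingInImpl: [...iface].filter((s) => !impl.has(s)).sort(),
    notInInterface: [...impl].filter((s) => !iface.has(s)).sort(),
  };
}

console.log(interfaceDrift(INTERFACE_SRC, CONTRACT_SRC, INHERITED));
```
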

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
