Liquid Staking

Stakelink
DeFiHardhatOracle
50,000 USDC
Submission Details
Severity: low
Invalid

Lack of Fee Receiver Checks in LSTRewardsSplitter addFee function

Summary

Lack of proper checks in the addFee function allows duplicate fee receivers in the fees array.

Relevant link

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/lstRewardsSplitter/LSTRewardsSplitter.sol#L140

Vulnerability Details

The addFee function in the LSTRewardsSplitter contract is designed to add new fee receivers and their respective _feeBasisPoints. However, the function does not validate whether the fee receiver already exists in the fees array before adding the new entry.

This becomes an issue when the owner attempts to update or remove a fee receiver using the updateFee function, which addresses entries by index. If a fee receiver has been added multiple times, updateFee only changes the entry at the provided index and leaves the other instances of the same receiver untouched. This can produce unexpected behaviour, such as a fee receiver who was supposed to be removed still receiving fees through the remaining duplicate entries in the array.

Impact

  • Inconsistent Fee Distribution: A fee receiver who should no longer be entitled to fees may still receive payments due to other duplicate entries not being properly removed or updated.

  • Increased Gas Costs: Handling multiple entries for the same fee receiver in the array increases the complexity and gas costs during operations that interact with the fees array, particularly if the array grows large.

Tools Used

Manual review.

Recommendations

  • Add a validation check in the addFee function to ensure that the same fee receiver cannot be added more than once. This can be achieved by looping through the fees array to verify that the receiver address is unique before adding a new entry.

  • Consider implementing a mapping for fee receivers instead of an array, to ensure uniqueness by design and allow for efficient updates and removals.
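The following contract is an added illustration of the issue and of the second recommendation; it is not LSTRewardsSplitter's own code. The `Fee` struct, the `isFeeReceiver` mapping, the `addFeeUnchecked` name and the convention that zero basis points removes an entry are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the duplicate-receiver issue; a simplified, assumed
// shape of a fee list, not LSTRewardsSplitter's own code.
contract FeeListExample {
    struct Fee { address receiver; uint256 basisPoints; }

    Fee[] public fees;
    // Assumed addition: records which receivers already have an entry.
    mapping(address => bool) public isFeeReceiver;
    address public immutable owner;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    // Vulnerable pattern: nothing stops the same receiver being appended twice.
    function addFeeUnchecked(address _receiver, uint256 _feeBasisPoints) external onlyOwner {
        fees.push(Fee(_receiver, _feeBasisPoints));
    }

    // Hardened version: a receiver may appear in fees at most once, checked in
    // O(1) via the mapping instead of looping over the array.
    function addFee(address _receiver, uint256 _feeBasisPoints) external onlyOwner {
        require(_receiver != address(0), "zero receiver");
        require(!isFeeReceiver[_receiver], "duplicate fee receiver");
        isFeeReceiver[_receiver] = true;
        fees.push(Fee(_receiver, _feeBasisPoints));
    }

    // Index-based update; assumed convention: zero basis points removes the
    // entry. Only fees[_index] is touched, which is why duplicates created by
    // addFeeUnchecked keep receiving fees after one copy is removed.
    function updateFee(uint256 _index, uint256 _feeBasisPoints) external onlyOwner {
        require(_index < fees.length, "bad index");
        if (_feeBasisPoints == 0) {
            // Clear the flag so the receiver can be re-added later.
            isFeeReceiver[fees[_index].receiver] = false;
            fees[_index] = fees[fees.length - 1];
            fees.pop();
        } else {
            fees[_index].basisPoints = _feeBasisPoints;
        }
    }

    function feeCount() external view returns (uint256) { return fees.length; }
}
```

Calling `addFeeUnchecked` twice with the same address and then `updateFee(0, 0)` leaves `feeCount()` at 1 with the receiver still present, while the hardened `addFee` reverts on the second call.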

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
