Withdrawal Amount Can Exceed Principal Deposits in LSTRewardsSplitter Contract
Summary
The withdraw function in the LSTRewardsSplitter contract contains a vulnerability that allows withdrawing an amount that exceeds the available principal deposits.
Vulnerability Details
This can lead to an underflow of the principalDeposits variable, resulting in an inconsistent state of the contract and potential loss of user funds.
The issue arises because the withdraw function directly subtracts the _amount from principalDeposits without performing any checks to ensure that the withdrawal amount is within the available principal deposits. If the _amount is greater than principalDeposits, the subtraction will result in an underflow, causing principalDeposits to become a large positive value.
This vulnerability can be exploited by calling the withdraw function with an _amount that exceeds the current principalDeposits. As a result, the contract will transfer more tokens than intended to the _receiver, effectively allowing the unauthorized withdrawal of funds.
Impact
The underflow of principalDeposits results in an inconsistent state of the contract, where the recorded principal deposits do not accurately reflect the actual deposits made by users.
Tools Used
Manual Review
Recommendations
Aheck in the withdraw function to ensure that the withdrawal amount does not exceed the available principal deposits
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.