All tokens to be queued are lost in the priority pool when queuing is paused
Summary
When queuing is paused, alltoDeposit tokens to be queued are lost in the priority pool because the PriorityPool#_deposit does not handle the tokens properly.
Vulnerability Details
After attempting to deposit into the withdrawal and staking pools, if:
There are still tokens left
(toDeposit != 0)and,_shouldQueueis true
then the PriorityPool#_deposit function will attempt to queue the tokens in the relevant accountQueuedTokens array:
core/priorityPool/PriorityPool.sol#L632-L644
The issue is that the PriorityPool#_deposit function requires queuing is not paused _requireNotPaused(); but doesn't handle the tokens to be queued when it's paused.
A crucial point to understand is that only the the queuing branch has pausing logic, depositing into the withdrawal and staking pools does not i.e, they will deposit tokens regardless of whether queuing is paused or not. If there excess tokens are queued when queuing is paused, they will be lost.
Impact
High: all excess tokens toDeposit are lost in the priority pool when queuing is paused. The amount could be large for stakers willing to wait for their turn stake.
Likelihood
Low: only when queuing is paused and there are tokens toDeposit.
Tools Used
Manual Review.
Recommendations
Either pause the whole deposit function or handle the excess tokens properly when queuing is paused.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.