Liquid Staking (Stakelink)
Tags: DeFi, Hardhat, Oracle
50,000 USDC

Submission Details
Severity: low
Status: Invalid

Low issues

L-01 Updating deposits directly casts the amount of tracked total deposits from uint256 to int256

Summary

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/linkStaking/OperatorVault.sol#L180-L209

    function updateDeposits(
        uint256 _minRewards,
        address _rewardsReceiver
    ) external onlyVaultController returns (uint256, uint256, uint256) {
        uint256 principal = getPrincipalDeposits();
        uint256 rewards = getRewards();
        uint256 totalDeposits = principal + rewards;
        // unchecked uint256 -> int256 casts on both sides of the subtraction
        int256 depositChange = int256(totalDeposits) - int256(uint256(trackedTotalDeposits));
        uint256 opRewards;
        if (depositChange > 0) {
            opRewards =
                (uint256(depositChange) *
                    IOperatorVCS(vaultController).operatorRewardPercentage()) /
                10000;
            unclaimedRewards += SafeCast.toUint128(opRewards);
            trackedTotalDeposits = SafeCast.toUint128(totalDeposits);
        }
        if (_minRewards != 0 && rewards >= _minRewards) {
            rewardsController.claimReward();
            trackedTotalDeposits -= SafeCast.toUint128(rewards);
            totalDeposits -= rewards;
            token.safeTransfer(_rewardsReceiver, rewards);
        }
        return (totalDeposits, principal, opRewards);
    }

This function updates the deposit and reward accounting for the vault. The issue is that it does so by directly casting the value of trackedTotalDeposits from uint to int without checking for overflow, which then affects the rewards: if the cast overflowed, depositChange would no longer be positive, the `if (depositChange > 0)` block would not execute, and unclaimedRewards would deviate from the real value, in this case ending up lower than expected.

Impact

Loss of rewards

Tools Used

Manual review

Recommendations

Do not blindly cast from uint256 to int256.
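As an added illustration, not part of the original submission and not the project's code, the following Python model replays the depositChange arithmetic above under EVM integer semantics: the unchecked `int256()` reinterpretation beside a revert-on-overflow cast in the style of OpenZeppelin's SafeCast.toInt256. It assumes trackedTotalDeposits is a uint128 (as the SafeCast.toUint128 assignments above imply) and that operatorRewardPercentage is expressed in basis points (the `/ 10000` above).

```python
# Python model of the updateDeposits() "depositChange > 0" accounting under
# EVM integer semantics. Added example; not the Stakelink contract code.
# Assumptions: trackedTotalDeposits is uint128; operator reward percentage is
# in basis points. All values are constructed sample inputs.

UINT128_MAX = 2**128 - 1
UINT256_MAX = 2**256 - 1
INT256_MAX = 2**255 - 1


def unchecked_int256(x: int) -> int:
    """Solidity `int256(x)`: two's-complement reinterpretation, no range check."""
    assert 0 <= x <= UINT256_MAX
    return x - 2**256 if x > INT256_MAX else x


def safe_to_int256(x: int) -> int:
    """Checked cast in the style of SafeCast.toInt256: revert instead of wrapping."""
    if x > INT256_MAX:
        raise OverflowError("SafeCast: value doesn't fit in an int256")
    return x


def safe_to_uint128(x: int) -> int:
    """Checked cast in the style of SafeCast.toUint128."""
    if x > UINT128_MAX:
        raise OverflowError("SafeCast: value doesn't fit in 128 bits")
    return x


def update_deposits(principal: int, rewards: int, tracked: int,
                    op_pct_bps: int, cast=unchecked_int256):
    """Return (opRewards, new trackedTotalDeposits, whether the rewards block ran).

    `cast` models the uint256 -> int256 conversion applied to both operands.
    A uint128 input is always within int256 range, so in this model only the
    totalDeposits side can ever wrap under the unchecked cast.
    """
    assert 0 <= tracked <= UINT128_MAX
    total_deposits = principal + rewards
    deposit_change = cast(total_deposits) - cast(tracked)
    if deposit_change > 0:
        op_rewards = (deposit_change * op_pct_bps) // 10000
        return op_rewards, safe_to_uint128(total_deposits), True
    # Wrapped (negative) or zero change: the block is silently skipped and
    # no operator rewards are accrued for this update.
    return 0, tracked, False
```

With the checked cast, an out-of-range total reverts the update rather than quietly skipping the rewards block, which is the observable difference the recommendation is about.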

L-02 Approving to 0 would fail for some tokens

Vulnerability Details

In multiple instances the code approves to 0; however, this would fail for a number of tokens.

For example, take a look at https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/StakingPool.sol#L320

    token.safeApprove(address(strategy), 0);

The above is an instance where we have an approval of 0 in the staking pool, which would fail for a number of tokens.

NB: this pattern appears throughout the codebase.

Impact

Approving to 0 can cause transactions to fail for certain tokens, leading to potential disruptions in the contract's functionality.

Tools Used

Manual review

Recommendations

Approve to 1 instead.

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement