Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`PriorityPool` Will Unilaterally Unpause On `updateDistribution`

auditweiler

Summary

Calling updateDistribution will unconditionally unpause the PriorityPool.

Vulnerability Details

When the DistributionOracle calls updateDistribution on the PriorityPool, the pool is unpaused:

function updateDistribution(

bytes32 _merkleRoot,

bytes32 _ipfsHash,

uint256 _amountDistributed,

uint256 _sharesAmountDistributed

) external onlyDistributionOracle {

@> _unpause();

depositsSinceLastUpdate -= _amountDistributed;

sharesSinceLastUpdate -= _sharesAmountDistributed;

merkleRoot = _merkleRoot;

ipfsHash = _ipfsHash;

merkleTreeSize = accounts.length;

emit UpdateDistribution(

_merkleRoot,

_ipfsHash,

_amountDistributed,

_sharesAmountDistributed

);

}

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L491C9-L491C20

However, the pool is unpaused irrespective of the pause conditions - remember that the DistributionOracle has the ability to permissionlessly pause the protocol based upon a set of predefined conditions:

if (upkeepType == UpkeepType.PAUSE) {

@> if (priorityPool.depositsSinceLastUpdate() < minDepositsSinceLastUpdate)

@> revert UpdateConditionsNotMet();

@> _pauseForUpdate();

}

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/DistributionOracle.sol#L133C12-L135C31

Therefore, when the DistributionOracle calls updateDistribution, the PriorityPool can be immediately placed back into an unpaused state even when the pool satisfies the pause condition i.e.:

priorityPool.depositsSinceLastUpdate() < minDepositsSinceLastUpdate

Impact

The pool can immediately be re-paused after a successful call to updateDistribution, stopping users from unqueueing.

Tools Used

Manual Review

Recommendations

Calls to updateDistribution should revert if the pool fails to satisfy the priority fee settings of the DistributionOracle.

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 1 year ago

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!