Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

contracts/core/priorityPool/PriorityPool.sol

kp8877

Potential vulnerabilities in the PriorityPool contract:

1. Access Control:

Reliance on msg.sender: The contract relies on msg.sender for access control in several functions. This can be vulnerable to spoofing attacks if an attacker can manipulate the transaction sender address.
Limited authorization roles: There are only a few roles defined (owner, rebaseController, distributionOracle, withdrawalPool). Consider implementing more granular roles for specific actions.

2. Insufficient Input Validation:

Zero-value checks: Some functions only check for zero values (_value in onTokenTransfer, _amountToWithdraw in withdraw, _amountToUnqueue in unqueueTokens). An attacker could potentially exploit these by passing extremely large values that could cause overflows or underflows.
Merkle proof verification: While the contract verifies merkle proofs for claims and unqueuing, it doesn't explicitly check the validity of the data encoded in the proof (e.g., _amount, _sharesAmount).

3. Reentrancy:

The contract doesn't explicitly protect against reentrancy attacks. This could be exploited by a malicious token contract that calls back into the PriorityPool during a deposit or withdrawal, potentially leading to unexpected behavior.

4. Business Logic Issues:

Deposit bypassing limits: The depositQueuedTokens function allows bypassing the stored deposit limits (queueDepositMin and queueDepositMax). This could be misused to deposit large amounts outside the intended strategy.
Insufficient liquidity checks: Some functions (e.g., withdraw) rely on checks within the stakingPool contract to ensure sufficient liquidity for withdrawals. If those checks are bypassed or vulnerable, users might not be able to withdraw their funds as expected.

5. Informational Disclosure:

IPFS reliance: The contract relies on IPFS for storing distribution data (amount and shares per user). If IPFS becomes unavailable, users might not be able to claim their tokens.

Recommendations:

Implement proper access control mechanisms using roles and grants.
Thoroughly validate all user inputs to prevent unexpected behavior.
Use libraries or techniques to protect against reentrancy attacks.
Review the business logic to ensure intended behavior, especially for functions bypassing deposit limits.
Consider storing distribution data on-chain or using a more reliable storage solution.

These are just some potential vulnerabilities based on the code snippet. A full security audit is recommended for a comprehensive assessment.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.