In the PriorityPool contract, the claimLSDTokens() function allows users to claim their LSD tokens based on a recorded amount in a Merkle tree. However, the function contains a logic flaw in the handling of claimed amounts tracked by accountClaimed and accountSharesClaimed. This flaw can lead to a Denial of Service (DoS) vulnerability, preventing users from claiming their LSD tokens if incorrect values are subtracted during subsequent calls.
Note: It has been confirmed by the sponsor that users will receive multiple claimable amounts over time, meaning they may need to claim different amounts at different times, which makes the proper tracking of claims critical (for evidence of the confirmation see the screenshot).
The vulnerability lies in the subtraction logic used to calculate how much LSD the user can claim, as shown below:
Incorrect Subtraction Logic: The subtraction used to calculate amountToClaim and sharesAmountToClaim is flawed. If the user attempts to claim a smaller amount in a subsequent transaction than what was previously recorded, the subtraction will underflow, causing the transaction to revert.
User Becomes Eligible to Claim LSD (First Claim):
The user is eligible to claim 1200 LSD tokens.
The user calls the claimLSDTokens() function and successfully claims the 1200 LSD tokens.
This claim is recorded in the accountClaimed[user] state variable, so accountClaimed[user] = 1200 after the first transaction.
User Becomes Eligible for a Second Claim:
The user again becomes eligible to claim LSD tokens, but this time the eligible amount is only 1000 LSD.
The user attempts to claim these 1000 LSD tokens by calling claimLSDTokens() again.
Underflow in Subtraction:
During this second claim, the contract attempts to calculate the amount of LSD tokens the user is eligible to claim by performing the following calculation:
Since accountClaimed[user] = 1200 from the previous claim, the calculation becomes:
This results in an underflow, which causes the transaction to revert.
Permanent Lockout (DoS):
As a result of this underflow, the user is unable to complete the claim.
Moreover, since the state variable accountClaimed[user] has already been set to 1200, any subsequent attempt to claim a smaller amount (less than 1200 LSD) will continue to fail, permanently blocking the user from claiming their tokens.
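The walkthrough above, reproduced as an added example that is not code from the PriorityPool contract: a simplified model of the claim accounting plus a harness that replays the two claims. Merkle proof verification and the token transfer are omitted, and the parameter names amount and sharesAmount, the share values, the way the recorded values are updated, and the contract names ClaimAccountingModel and Walkthrough are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model of the claim accounting described in the walkthrough.
// Assumptions: no Merkle proof check, no token transfer, hypothetical
// parameter names, and the recorded values are set to the submitted ones.
contract ClaimAccountingModel {
    mapping(address => uint256) public accountClaimed;
    mapping(address => uint256) public accountSharesClaimed;

    function claimLSDTokens(uint256 amount, uint256 sharesAmount)
        external
        returns (uint256 amountToClaim, uint256 sharesAmountToClaim)
    {
        // Checked arithmetic (Solidity >= 0.8): when the recorded value is
        // larger than the submitted one, the subtraction reverts with a Panic.
        amountToClaim = amount - accountClaimed[msg.sender];
        sharesAmountToClaim = sharesAmount - accountSharesClaimed[msg.sender];

        accountClaimed[msg.sender] = amount;
        accountSharesClaimed[msg.sender] = sharesAmount;
    }
}

// Replays the two claims from the walkthrough; this contract is the claimant.
// The share values (1200, 1000) are constructed to mirror the token amounts.
contract Walkthrough {
    function run()
        external
        returns (uint256 firstClaim, bool secondReverted, uint256 panicCode, uint256 recorded)
    {
        ClaimAccountingModel pool = new ClaimAccountingModel();

        // First claim: 1200 LSD with nothing recorded yet.
        (firstClaim, ) = pool.claimLSDTokens(1200, 1200);

        // Second claim: 1000 LSD against a recorded 1200.
        try pool.claimLSDTokens(1000, 1000) returns (uint256, uint256) {
            secondReverted = false;
        } catch Panic(uint256 code) {
            secondReverted = true;
            panicCode = code; // 0x11 is the code for arithmetic over/underflow
        }

        // A reverted call changes no state, so the first claim's record stands.
        recorded = pool.accountClaimed(address(this));
    }
}
```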
Users are DoSed from claiming their LSD tokens.
Manual code review
Based on the audit, the logic of subtracting accountClaimed and accountSharesClaimed seems unnecessary. The suggestion is to simplify the function and remove the subtraction entirely. The amount a user can claim should be correctly recorded in the Merkle tree entry, and users should only be allowed to claim the amount specified in the Merkle proof.
By simplifying the logic and removing these unnecessary calculations, the function can avoid underflows, prevent potential DoS attacks, and ensure users can claim their tokens over time as intended by the sponsor.