Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

depositsSinceLastUpdate and sharesSinceLastUpdate should be reduced when making a withdrawal

eason

Summary

depositsSinceLastUpdate represents the total number of tokens deposited into the staking pool since the last distribution, while sharesSinceLastUpdate indicates the total number of shares received for tokens deposited into the staking pool since the last distribution. When withdrawing, both the total number of deposited tokens and the total number of received shares are reduced.

Vulnerability Details

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L672

In the withdraw function, the total number of deposited tokens and the total number of received shares are decreased. However, the total number of deposited tokens remains unchanged when making a withdrawal.

Impact

wrongly calculated sharesSinceLastUpdate and depositsSinceLastUpdate

Tools Used

Manual code review

Recommendations

Reduce sharesSinceLastUpdate and depositsSinceLastUpdate when making a withdrawal.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.