Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

First Deposit of 1,000 Tokens (DEAD_SHARES) Results in Zero Shares

Summary

The stakingPool contract can leave a depositor with zero shares on the first deposit if the deposit amount is exactly equal to the constant DEAD_SHARES. The initial minting of shares subtracts DEAD_SHARES from the user's intended shares, so no shares may be minted for that first deposit.

Vulnerability Details

The _mintShares function checks whether any shares have been minted yet (totalShares == 0). If none have, a predefined number of dead shares (DEAD_SHARES) is allocated to address(0) to prevent the total share supply from being zero. After allocating these dead shares, the deposited amount is reduced by DEAD_SHARES. If the initial deposit equals or is less than DEAD_SHARES, the depositor will receive no shares.

This vulnerability occurs in the following code segment:

if (totalShares == 0) {
    shares[address(0)] = DEAD_SHARES;
    totalShares = DEAD_SHARES;
    _amount -= DEAD_SHARES;
}

If _amount == DEAD_SHARES, the calculated shares for the depositor will be zero after the dead shares are subtracted, meaning no shares will be minted for the user, effectively nullifying their deposit.

Impact

The vulnerability causes the first depositor to receive zero shares if their deposit equals the DEAD_SHARES amount. As a result:

  • The depositor's stake in the pool will be nullified even though they transferred tokens.

  • This could lead to frustration and potential loss of funds for the first depositor.

  • It creates unexpected behavior in the system, which could undermine user trust and affect the pool’s functionality for early adopters.

Tools Used

Recommendations

To resolve this issue and ensure that the first depositor receives shares, even if their deposit is equal to DEAD_SHARES, the following recommendations should be considered:

Enforce a minimum deposit amount: Implement a check in the deposit or _mint function to ensure that the deposit amount exceeds DEAD_SHARES. For example:

require(_amount > DEAD_SHARES, "The First deposit amount must be greater than DEAD_SHARES(1000).");
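
The first-mint arithmetic described in this finding, next to the recommended guard, as an added example (not code from the submission or from the Stakelink code base). DeadSharesModel, DeadSharesDemo and their function names are hypothetical; the example assumes Solidity 0.8+ checked arithmetic and that the amount passed in is the number of shares to mint.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: 0.8+ checked arithmetic; the page gives no compiler version

// Hypothetical stripped-down share ledger; only the first-mint branch follows the page.
contract DeadSharesModel {
    uint256 public constant DEAD_SHARES = 1000; // value from the finding's title

    uint256 public totalShares;
    mapping(address => uint256) public shares;

    // First-mint logic as quoted in the finding.
    function mintUnguarded(address recipient, uint256 amount) external returns (uint256) {
        return _mint(recipient, amount);
    }

    // Same logic behind the minimum-first-deposit check from the Recommendations.
    function mintGuarded(address recipient, uint256 amount) external returns (uint256) {
        if (totalShares == 0) {
            require(amount > DEAD_SHARES, "first deposit must exceed DEAD_SHARES");
        }
        return _mint(recipient, amount);
    }

    function _mint(address recipient, uint256 amount) internal returns (uint256) {
        if (totalShares == 0) {
            shares[address(0)] = DEAD_SHARES;
            totalShares = DEAD_SHARES;
            // Leaves 0 when amount == DEAD_SHARES; reverts on underflow when it is smaller.
            amount -= DEAD_SHARES;
        }
        totalShares += amount;
        shares[recipient] += amount;
        return amount; // shares actually credited to recipient
    }
}

// Hypothetical harness: runs the same first deposit through both variants.
contract DeadSharesDemo {
    function exactDeadSharesDeposit() external returns (uint256 credited, bool guardedReverted) {
        DeadSharesModel a = new DeadSharesModel();
        credited = a.mintUnguarded(msg.sender, a.DEAD_SHARES());
        DeadSharesModel b = new DeadSharesModel();
        try b.mintGuarded(msg.sender, b.DEAD_SHARES()) returns (uint256) {
            guardedReverted = false;
        } catch {
            guardedReverted = true;
        }
    }
}
```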

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
