Some of the valid deposits may revert!
Summary
The queueWithdrawal function in the WithdrawalPool contract contains a check to ensure that the withdrawal amount is not less than a specified minimum (minWithdrawalAmount). This check can cause a transaction to revert when the function is called from the PriorityPool contract, particularly when the amount to be withdrawn is a residue after processing queued tokens.
Vulnerability Details
Steps to Reproduce:
A user initiates a withdrawal from the
PriorityPoolcontract.The
PriorityPoolattempts to fulfill the withdrawal request using queued tokens.If the requested withdrawal amount exceeds the available queued tokens, the remaining amount (residue) is passed to the
queueWithdrawalfunction in theWithdrawalPool.If this residue amount is less than
minWithdrawalAmount, the transaction reverts due to the check inqueueWithdrawal.
Impact
This issue can prevent users from successfully withdrawing their tokens if the residue amount is less than the minimum withdrawal threshold.It can be adjusted by reducing the withdrawal amount or filling the withdrawal request in batches . But It can lead to user frustration and potential loss of trust in the system's reliability.
Tools Used
Manual Review , Cursor .
Recommendations
It can be solved in multiple ways . One of them could be :
Handling the residue amount within the PriorityPool contract to ensure it meets the minimum requirement before calling queueWithdrawal.
Lead Judging Commences
A withdrawal of totalQueued + x with x < minWithdrawal amount will revert
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.