The value of queuedWithdrawals[i] is not updated correctly in WithdrawalPool.sol::_finalizeWithdrawals()
Summary
A logical flaw in the _finalizeWithdrawals function caused partiallyWithdrawableAmount to not be updated when sharesRemaining was less than or equal to sharesToWithdraw.
Vulnerability Details
In the current implementation, when sharesRemaining <= sharesToWithdraw, the code skips updating queuedWithdrawals[i], especially partiallyWithdrawableAmount remains unchanged. This results in users potentially expecting to withdraw funds according to their withdrawal request, but the contract does not correctly reflect this.
Impact
Users may not be able to withdraw the amount they expected due to stale data in the queuedWithdrawals array, potentially resulting in financial loss or loss of access to their assets.
Tools Used
Manual code analysis
Recommendations
Implement logic to ensure that partiallyWithdrawableAmount is updated even when sharesRemaining is less than or equal to sharesToWithdraw. The condition can be modified to ensure that all withdrawals, whether fully realized or not, accurately reflect the state of the withdrawal amount.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.