Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Possible DOS and loss of fund for 1st depositor on staking pool

danzero

Summary

First user to deposit into staking pool must deposit at least 1000 wei but next users can deposit as little as 1 wei causing unfair deposit requirement, minor loss of fund, and minor DOS for first user.

Vulnerability Details

The staking pool does not allow first deposit to be less than 1000 wei to combat vault inflation attack. While this is fine, the first depositor that tries to deposit less than 1000 wei will receive arithmetic error which will make the first depositor think the staking pool is not working. Then, when they try to increase the deposit 1 wei to 10 wei to 100 wei and finally 1000 wei it succeeds but it is not reflected in their share, the share is still 0.

Impact

First depositor lose 1000 wei
Unfair deposit requirement for first depositor
Minor DOS for first depositor

Tools Used

Manual Review

Recommendations

Add a require statement with descriptive error so that first depositor does not get the wrong idea. Alternatively give some kind of reward to recompensate for the loss of fund for first depositor.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.