Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Partial withdrawals are not possible in PriorityPool::_withdraw

PairPoint Audits

Summary

If a user wants to withdraw tokens, if there isn't enough space for their entire withdrawal and they don't want to queue their withdrawal, they don't receive a partial withdrawal and instead the transaction just reverts.

Vulnerability Details

The issue is that partial withdrawals will not take place when _withdraw is called if _shouldQueueWithdrawal is false and the users full withdrawal doesn't take place. As a result, instead of a user receiving a fraction of the rewards they desire, they will end up receiving 0 of the rewards they desire.

In PriorityPool::_withdraw

if (toWithdraw != 0) {

if (!_shouldQueueWithdrawal) revert InsufficientLiquidity();

withdrawalPool.queueWithdrawal(_account, toWithdraw);

}

Impact

Users

Tools Used

Manual

Recommendations

Allow for the condition of a partial withdrawal if _shouldQueueWithdrawal is false as an alternative to the transaction completely reverting.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.