Liquid Staking

Summary

The setVaultDeploymentParams function allows the owner to update vaultDeploymentThreshold and vaultDeploymentAmount. This affects the behavior of checkUpkeep and performUpkeep functions, which determine when new vaults should be deployed. Improperly setting these parameters can lead to unexpected behavior, where new vaults are not deployed as intended.

Vulnerability Details

The setVaultDeploymentParams function allows for updates to the vaultDeploymentThreshold, which is used by the checkUpkeep function to return a boolean indicating whether a new batch of vaults should be deployed. If the vaultDeploymentThreshold is set too low, the checkUpkeep function may return false more frequently, preventing the performUpkeep function from deploying new vaults.

When the threshold is improperly set, performUpkeep will fail to deploy new vaults as expected, since the function reverts if the condition (vaults.length - globalVaultState.depositIndex) >= vaultDeploymentThreshold is not met. This could cause a disruption in the expected deployment of vaults.

Impact

If the vaultDeploymentThreshold is set too low, new vaults will not be deployed when needed, which could lead to a significant operational delay. This would negatively affect the performance of the protocol, potentially limiting liquidity availability and leading to inefficiencies in the system.

Tools Used

Manual review.

Recommendations

There should be safeguards in place when updating the vaultDeploymentThreshold in the setVaultDeploymentParams function. Specifically:

• Implement checks to ensure that the vaultDeploymentThreshold is set within a reasonable range based on the number of already deployed vaults or liquidity demands.

• Consider adding validation logic that prevents setting thresholds too low or high, which could disrupt the proper functioning of the vault deployment process.