Incomplete Update of Withdrawal Accounting in `_finalizeWithdrawals` Function
Summary
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/WithdrawalPool.sol#L422
The _finalizeWithdrawals function contains a logic flaw where the queuedWithdrawals[i] entries are not updated when a withdrawal is fully finalized, resulting in incorrect accounting for withdrawals. This oversight can lead to inconsistent state management and potentially double-counting of withdrawals or leaving invalid entries in the system.
Vulnerability Details
In the case where sharesRemaining < sharesToWithdraw, the withdrawal is fully processed, but the entry in queuedWithdrawals[i] is not updated to reflect that the withdrawal has been completed:
Similary:
Impact
By not updating
queuedWithdrawals[i], the system may continue to treat fully finalized withdrawals as pending. This can result in incorrect tracking of user balances and lead to incorrect withdrawal calculations or errors when the system attempts to process future withdrawals.The stale data in queuedWithdrawals[i] could persist, creating confusion for both the system and the users. The state of queued withdrawals would not accurately reflect reality, potentially leading to errors in further accounting and interactions.
The system might double-count the fully processed withdrawals if they are not marked as completed. This could lead to over-withdrawals, causing fund depletion or mismanagement of liquidity in the system.
Tools Used
Manual code review
Recommendations
Update queuedWithdrawals[i] according to the amount substracted in each case.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.