PriorityPool::depositQueuedTokens allows to bypass deposit limits set by contract and this function is callable by anyone
Summary
The function PriorityPool::depositQueuedTokens allows to bypass deposit limits set by contract and this function is callable by anyone.
Vulnerability Details
Functions in priorityPool used to deposit to StakingPool like PriorityPool::performUpkeep utilizes queueDepositMin and queueDepositMax (set in initializer or with setQueueDepositParams) values as a restriction to check if a deposit should and can be made and like the code comments says will revert if not:
However the function PriorityPool::depositQueuedTokens allows to bypass this limits and this function is callable by anyone.
So, this made the restriction imposed by contract's queueDepositMin and queueDepositMax values pointless.
Impact
Broken access control on depositQueuedTokens allows to bypass deposit limits and is callable by anyone, can be used to deposit by anyone at any time with any arbitrary amount and specially when some specific contract states happens, allowing to frontrun other user txs for example.
Tools Used
Manual Review
Recommendations
Implement an access control for PriorityPool::depositQueuedTokens such as onlyOwner
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.