Liquid Staking

Summary

In a case where a user calls PriorityPool::withdraw function with _shouldUnqueue and _shouldQueueWithdrawal as true booleans, with enough _amountToWithdraw that it has to go to the last stage of withdrawal: queueWithdrawal. And in the last step, if not enough amount is left, the whole withdrawal process will revert.

Code Section

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L317

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/WithdrawalPool.sol#L303

Vulnerability Details

1. The user calls PriorityPool::withdraw with both _shouldUnqueue and _shouldUnqueue set as true.

2. The first deduction of the amount will be made: toWithdraw -= amountToUnqueue

3. Tokens are remaining after unqueueing, next step PriorityPool::_withdraw is called.

4. Let's say totalQueued != 0 so a second deduction is made: toWithdraw -= toWithdrawFromQueue

5. toWithdraw is still not zero, so WithdrawalPool::queueWithdrawal is called (Notice that they don't have a choice to set _shouldQueueWithdrawal as true otherwise it will revert). If toWithdraw remaining amount is too low at this stage, the whole process will revert, and the user can do nothing about it since both the priority queue and withdrawal queue deductions are out of their control, relying on dynamic conditions.

Impact

Users won't be able to withdraw if the remaining amount gets too low after the deductions. Because these deductions depend on changing conditions, there's no way for users to control or predict when the process will fail.

Tools Used

Manual Review

Recommendations

I do not have a suitable recommendation for this