Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

If the first depositor calls SPool::deposit with an amount equal to DEAD_SHARES, they receive 0 shares

Summary

If the first depositor calls SPool::deposit with an amount equal to DEAD_SHARES, they receive 0 shares.

Vulnerability Details

This is because DEAD_SHARES is subtracted from the amount to deposit, so if the first staker deposits exactly DEAD_SHARES, they receive 0 shares.
The call flow is as follows:

function deposit(
    address _account,
    uint256 _amount,
    bytes[] calldata _data
) external onlyPriorityPool {
    //...
    if (_amount > 0) {
        token.safeTransferFrom(msg.sender, address(this), _amount);
        _depositLiquidity(_data);
        _mint(_account, _amount); // <= next step in the call flow
        // ...
    }
}

StakingRewardsPool::_mint then calls:

function _mint(address _recipient, uint256 _amount) internal override {
    //...
    uint256 sharesToMint = getSharesByStake(_amount);
    _mintShares(_recipient, sharesToMint); // <= next step in the call flow
    //...
}

StakingRewardsPool::_mintShares subtracts DEAD_SHARES from the amount when totalShares is 0:

function _mintShares(address _recipient, uint256 _amount) internal {
    if (totalShares == 0) {
        console.log("\t[i] totalShares == 0");
        shares[address(0)] = DEAD_SHARES;
        totalShares = DEAD_SHARES;
        _amount -= DEAD_SHARES; // <= DEAD_SHARES taken out of the first mint
    }
    totalShares += _amount;
    shares[_recipient] += _amount;
}

If the amount equals DEAD_SHARES, the shares credited to the recipient are zero.

Impact

A first staker depositing DEAD_SHARES will receive 0 shares

Tools Used

Manual Review

Recommendations

Require the amount to mint to be greater than DEAD_SHARES.
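
The first-mint arithmetic and the recommended check, as an added example that is not part of the original submission or the project's code. It is a simplified JavaScript model of _mintShares; the DEAD_SHARES value, the 1:1 stake-to-share rate on the first deposit, checked uint256 subtraction, and the names SharesModel and firstDeposit are assumptions made for illustration.

```javascript
// Simplified model of the first-mint path quoted in this report.
// Assumptions: DEAD_SHARES value is constructed; amounts map 1:1 to shares on
// the first deposit; uint256 subtraction is checked (reverts on underflow).
const DEAD_SHARES = 1000n;

class SharesModel {
  constructor({ guarded }) {
    this.guarded = guarded;      // true = apply the recommended check
    this.totalShares = 0n;
    this.shares = new Map();     // address -> share balance
  }

  // Mirrors _mintShares; returns the shares credited to the recipient.
  mintShares(recipient, amount) {
    if (this.totalShares === 0n) {
      if (this.guarded && amount <= DEAD_SHARES) {
        throw new Error("first deposit must exceed DEAD_SHARES");
      }
      if (amount < DEAD_SHARES) {
        throw new Error("arithmetic underflow"); // checked subtraction
      }
      this.shares.set("address(0)", DEAD_SHARES);
      this.totalShares = DEAD_SHARES;
      amount -= DEAD_SHARES;
    }
    this.totalShares += amount;
    this.shares.set(recipient, (this.shares.get(recipient) ?? 0n) + amount);
    return amount;
  }
}

// Runs one first deposit against a fresh pool and reports the outcome.
function firstDeposit(amount, guarded) {
  const pool = new SharesModel({ guarded });
  try {
    const minted = pool.mintShares("alice", amount);
    return { minted, totalShares: pool.totalShares, reverted: null };
  } catch (e) {
    return { minted: 0n, totalShares: pool.totalShares, reverted: e.message };
  }
}

// Boundary cases: below, equal to, and just above DEAD_SHARES.
for (const amount of [DEAD_SHARES - 1n, DEAD_SHARES, DEAD_SHARES + 1n]) {
  console.log(amount, firstDeposit(amount, false), firstDeposit(amount, true));
}
```

Without the check, the deposit equal to DEAD_SHARES succeeds and credits 0 shares; with it, the same deposit is rejected before any state changes.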

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
