The design of `PriorityPool::_deposit` can leave period where space is available in the `StakingPool`, but not filled.
Vulnerability Details
In the deposit process on PriorityPool, the function _deposit first check if there is a queue in PriorityPool, which means that the queue for withdrawal is not empty and there is probably no space to deposit in StakingPool. Since in the deposit process, PriorityPool queue is the last one filled.
The vulnerability occurs when :
There is a queue in
PriorityPoolThe queue in
WithdrawalPoolbecomes emptySpace is available in
StakingPool.
The first check in the _deposit function is to verify if there is a queue in the PriorityPool; if that is the case, it fills the queue, even if there is space in the StakingPool.
Queued tokens from the PriorityPool can still be deposited into the StakingPool by calling depositQueuedTokens, but this is not the optimal way, as it leaves a time when the StakingPool is not filled.
Impact
Period where space is available in the StakingPool, but not filled.
Tools Used
Manual Review
Recommendations
Add a check at the beginning of the _deposit function to verify whether there is space available to fill in the StakingPool.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.