Liquid Staking

Description:-

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/StakingPool.sol#L130

In `StakingPool.sol::deposit` function after depositing link token to stake it and mint stLink, the balance

of contract is increase becouse the token will transfer from user to contract and contract will mint stake token, in deposit function the starting balance and ending balance of contract is wrongly campared and will revert everytime when deposit occur, which will arise DOS issue. and no one can deposit in the StakingPool.

```solidit

function deposit(

address _account,

uint256 _amount,

bytes[] calldata _data

) external onlyPriorityPool {

require(strategies.length > 0, "Must be > 0 strategies to stake");

uint256 startingBalance = token.balanceOf(address(this));

if (_amount > 0) {

token.safeTransferFrom(msg.sender, address(this), _amount);

_depositLiquidity(_data);

_mint(_account, _amount);

totalStaked += _amount;

} else {

_depositLiquidity(_data);

}

uint256 endingBalance = token.balanceOf(address(this));

if (endingBalance > startingBalance && endingBalance > unusedDepositLimit)

revert InvalidDeposit();

}

```

Impact:-

Depositing into StakingPool contract will block and no one can stake token, which will break our protocol main functionality.

### POC:-

starting Balance of contract in token contract:- 100

user deposit amount:- 20

ending balance of contract in token contract:- 120

ending balance of contract is greather than starting balance but protocol check that if ending balance is great than

starting balance revert.

check that protocol do:- if (endingBalance > startingBalance && endingBalance > unusedDepositLimit);

\

Mitigation Step:-

use correct camparision operator

```diff

-- if (endingBalance > startingBalance && endingBalance > unusedDepositLimit)

```

```diff

++ if (endingBalance < startingBalance && endingBalance > unusedDepositLimit)

Tools Used:-

Manuaul Review, VCs