Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

While adding fee receiver if the recipient is not a EOA, it can revert all the fee distribution functions

demorextess

Summary

While adding fee receiver if the recipient is not a EOA, it can revert all the fee distribution functions

Vulnerability Details

In VaultControllerStrategy, adding a fee receiver is implemented following way:

function addFee(address _receiver, uint256 _feeBasisPoints) external onlyOwner {

_updateStrategyRewards();

// @audit it should check receiver is contract or not, if receiver is a contract then it should implements callback

fees.push(Fee(_receiver, _feeBasisPoints));

if (_totalFeesBasisPoints() > 3000) revert FeesTooLarge();

}

Those fees are distributed using transferAndCallFrom function in staking pool's update strategy rewards function

if (totalFeeAmounts > 0) {

uint256 sharesToMint = (totalFeeAmounts * totalShares) /

(totalStaked - totalFeeAmounts); // @audit 1 wei corner case High

_mintShares(address(this), sharesToMint);

uint256 feesPaidCount;

for (uint256 i = 0; i < receivers.length; i++) {

for (uint256 j = 0; j < receivers[i].length; j++) {

if (feesPaidCount == totalFeeCount - 1) {

transferAndCallFrom(

address(this),

receivers[i][j],

balanceOf(address(this)),

"0x"

);

} else {

transferAndCallFrom(address(this), receivers[i][j], feeAmounts[i][j], "0x");

feesPaidCount++;

}

By default transferAndCallFrom function will call fee receiver after sending the funds to the contract and if it's not implemented the correct callback function it will revert whole distribution in staking pool.

Impact

It will cause DoS in certain scenarios. The callback function should be implemented in fee receiver and adding fee receiver check that function is implemented or not.

Tools Used

Manual Review

Recommendations

If the receiver is not EOA, checking the function implementation in contract will prevent DoS

Updates

Lead Judging Commences

inallhonesty Lead Judge

7 months ago

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Too generic

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.