Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

Adding a fee receiver that is a contract without the transfer callback can make all fee distribution functions revert

Summary

If a fee receiver added through addFee is not an EOA and does not implement the callback that transferAndCallFrom invokes, every fee distribution reverts.

Vulnerability Details

In VaultControllerStrategy, adding a fee receiver is implemented as follows:

function addFee(address _receiver, uint256 _feeBasisPoints) external onlyOwner {
    _updateStrategyRewards();
    // @audit should check whether _receiver is a contract; if it is, it must implement the transfer callback
    fees.push(Fee(_receiver, _feeBasisPoints));
    if (_totalFeesBasisPoints() > 3000) revert FeesTooLarge();
}

Those fees are distributed with transferAndCallFrom in the staking pool's update-strategy-rewards function:

if (totalFeeAmounts > 0) {
    uint256 sharesToMint = (totalFeeAmounts * totalShares) /
        (totalStaked - totalFeeAmounts); // @audit 1 wei corner case High
    _mintShares(address(this), sharesToMint);
    uint256 feesPaidCount;
    for (uint256 i = 0; i < receivers.length; i++) {
        for (uint256 j = 0; j < receivers[i].length; j++) {
            if (feesPaidCount == totalFeeCount - 1) {
                transferAndCallFrom(
                    address(this),
                    receivers[i][j],
                    balanceOf(address(this)),
                    "0x"
                );
            } else {
                transferAndCallFrom(address(this), receivers[i][j], feeAmounts[i][j], "0x");
                feesPaidCount++;
            }
        }
    }
}

transferAndCallFrom calls the receiver after transferring the tokens to it. If the receiver is a contract that does not implement the expected callback, that call reverts, and with it the whole distribution in the staking pool.

Impact

This causes a denial of service of fee distribution whenever such a receiver is registered. A contract fee receiver must implement the callback, and addFee should verify that it does before registering it.

Tools Used

Manual Review

Recommendations

If the receiver is not an EOA, checking at addFee time that the contract implements the callback prevents the DoS.
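As an added illustration of this recommendation (example code, not stake.link's own; the names FeeRegistry, IERC677Receiver, GoodReceiver and BadReceiver are hypothetical), the following addFee probes a contract receiver for the transfer callback before registering it, so a receiver that would make transferAndCall revert is rejected up front rather than at distribution time:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed names for this example: IERC677Receiver, FeeRegistry,
// GoodReceiver, BadReceiver. None of them are stake.link identifiers.

/// Callback that an ERC677-style transferAndCall invokes on contract receivers.
interface IERC677Receiver {
    function onTokenTransfer(address sender, uint256 value, bytes calldata data) external;
}

struct Fee {
    address receiver;
    uint256 basisPoints;
}

contract FeeRegistry {
    error FeesTooLarge();
    error ReceiverLacksCallback(address receiver);

    address public owner;
    Fee[] public fees;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// True when the receiver can accept a transferAndCall. EOAs are accepted
    /// unconditionally (they receive a plain transfer, no callback); contracts
    /// are probed with a zero-value callback, so one that lacks onTokenTransfer
    /// (and has no fallback) is detected here instead of in the distribution loop.
    function receiverAcceptsCallback(address receiver) public returns (bool) {
        if (receiver.code.length == 0) return true;
        try IERC677Receiver(receiver).onTokenTransfer(address(this), 0, "") {
            return true;
        } catch {
            return false;
        }
    }

    /// Same shape as the audited addFee, with the receiver check added.
    function addFee(address receiver, uint256 basisPoints) external onlyOwner {
        if (!receiverAcceptsCallback(receiver)) revert ReceiverLacksCallback(receiver);
        fees.push(Fee(receiver, basisPoints));
        if (_totalFeesBasisPoints() > 3000) revert FeesTooLarge();
    }

    function _totalFeesBasisPoints() internal view returns (uint256 total) {
        for (uint256 i = 0; i < fees.length; i++) {
            total += fees[i].basisPoints;
        }
    }
}

/// Receiver that implements the callback: addFee accepts it.
contract GoodReceiver is IERC677Receiver {
    event Received(address sender, uint256 value);

    function onTokenTransfer(address sender, uint256 value, bytes calldata) external override {
        emit Received(sender, value);
    }
}

/// Receiver with neither the callback nor a fallback: the probe reverts,
/// so addFee rejects it with ReceiverLacksCallback.
contract BadReceiver {}
```

The probe actually executes the receiver's callback with a zero amount, so a receiver that deliberately rejects zero-value transfers would also be rejected, and a contract with a permissive fallback passes the probe just as it would pass a real transferAndCall. Where receivers advertise their interface via ERC165, supportsInterface is the side-effect-free alternative. The check runs once at registration; a receiver that changes code afterwards (proxy upgrade) is not re-validated, so the distribution path should still tolerate a failing receiver if that is a concern.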

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
