FoundrySolidityLayer 2
7.25 ETH
Submission Details
Impact: low
Likelihood: low

`stake()` locks expiry permanently on the first stake, allowing a malicious user to abuse withdraw and deny owner expiry updates.

Author Revealed upon completion

Details

In src/ConfidencePool.sol, stake() sets expiryLocked = true when the first stake occurs:

if (!expiryLocked) {
expiryLocked = true;
}

Link to code

A user can perform a minimal stake and then immediately call withdraw(), leaving expiryLocked true. That state permanently blocks setExpiry() because it reverts when expiryLocked is set.

Impact

Owner cannot update the pool expiry after the first stake, even when scope changes or a valid extension is needed.

This can freeze owner maintenance and lock the contract into an invalid lifecycle.

Malicious user can keep doing this on all pools being deployed by an aggreement or in the protocal making the expiry update feature totally useless

Recommendation Mitigation

Consider unlocking expiry updates for cases where a withdraw makes total stake become zero

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!