The getInitialUnstakeEntry function of PoolBase returns the first active unstaking entry of a staker, which requires the current block to be strictly before the last block in the unstaking window. However, the unstake function allows the current block to be exactly the same as the last block (same logic in unstakeWindowExpiry).
Handle
shw
Vulnerability details
The
getInitialUnstakeEntryfunction ofPoolBasereturns the first active unstaking entry of a staker, which requires the current block to be strictly before the last block in the unstaking window. However, theunstakefunction allows the current block to be exactly the same as the last block (same logic inunstakeWindowExpiry).Proof of Concept
Referenced code: PoolBase.sol#L136 PoolBase.sol#L344 PoolBase.sol#L364
Recommended Mitigation Steps
Change the
<=comparison at line 136 to<for consistency.