Open code423n4 opened 1 year ago
dmvt marked the issue as duplicate of #140
dmvt marked the issue as selected for report
vince0656 marked the issue as sponsor acknowledged
vince0656 marked the issue as sponsor confirmed
dmvt marked the issue as satisfactory
JeeberC4 marked the issue as not a duplicate
JeeberC4 marked the issue as primary issue
Lines of code
https://github.com/code-423n4/2022-11-stakehouse/blob/4b6828e9c807f2f7c569e6d721ca1289f7cf7112/contracts/liquid-staking/ETHPoolLPFactory.sol#L111
Vulnerability details
Description
Interaction with SavETHVault and StakingFundsVault requires a minimum amount of MIN_STAKING_AMOUNT. In order to be used for staking, there needs to be 24 ETH or 4 ETH for the desired BLS public key in those vaults. The issue is that vaults can be griefed and made impossible to use for depositing by constantly making sure the remaining amount to be added to complete the deposit to the maxStakingAmountPerValidator is under MIN_STAKING_AMOUNT.
In _depositETHForStaking:
MED - Can grief vaults (SavETHVault, StakingFundsVault) and make them not able to be used for staking by depositing so that left to stake is < MIN_STAKING_AMOUNT. Then it will fail maxStakingAmount check @ _depositEthForStaking
Impact
Vaults can be griefed to not be able to be used for deposits
Proof of Concept
Note that depositors may try to remove their ETH and redeposit it to complete the deposit to 24. However, the attacker may still keep the delta just under MIN_STAKING_AMOUNT.
Tools Used
Manual audit
Recommended Mitigation Steps
Handle the case where the remaining amount to be completed is smaller than MIN_STAKING_AMOUNT, and allow the deposit in that case.
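The following is an added example, not code from the report or from the Stakehouse contracts: a simplified Python model of the two deposit checks the report describes, next to the recommended rule that lets a below-minimum deposit through only when it exactly completes the validator. The function names are hypothetical and the MIN_STAKING_AMOUNT value is constructed for illustration; the 24 ETH cap is the SavETHVault figure from the description.

```python
# Simplified model of the per-validator deposit checks described in this report.
# Not the contract code. Amounts are in wei.
ETHER = 10**18
MIN_STAKING_AMOUNT = ETHER // 1000   # constructed value, assumed for illustration
MAX_PER_VALIDATOR = 24 * ETHER       # SavETHVault cap per BLS public key (from the report)


def original_check(total_staked: int, amount: int) -> bool:
    """Rule as described: each deposit meets the minimum and never exceeds the cap."""
    return amount >= MIN_STAKING_AMOUNT and total_staked + amount <= MAX_PER_VALIDATOR


def mitigated_check(total_staked: int, amount: int) -> bool:
    """Recommended rule: a deposit below the minimum is accepted only when it
    exactly fills the remaining capacity, so dust deposits stay rejected."""
    remaining = MAX_PER_VALIDATOR - total_staked
    if amount == 0 or amount > remaining:
        return False
    if amount >= MIN_STAKING_AMOUNT:
        return True
    return amount == remaining


def is_stuck(check, total_staked: int) -> bool:
    """True when the validator is not full but no single deposit can pass `check`.

    Under both rules every acceptable amount lies in [1, remaining], and if any
    amount in that range passes then `remaining` itself passes, so testing the
    exact remainder is sufficient.
    """
    remaining = MAX_PER_VALIDATOR - total_staked
    return remaining > 0 and not check(total_staked, remaining)


def griefed_total() -> int:
    """State from the report: remaining capacity is 1 wei under the minimum."""
    return MAX_PER_VALIDATOR - (MIN_STAKING_AMOUNT - 1)


if __name__ == "__main__":
    total = griefed_total()
    print("remaining wei:", MAX_PER_VALIDATOR - total)
    print("stuck under original rule: ", is_stuck(original_check, total))
    print("stuck under mitigated rule:", is_stuck(mitigated_check, total))
```

A regression test for the fix should cover both sides of the boundary: the exact remainder is accepted, while any smaller amount and any amount over the cap are still rejected.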