search

code-423n4 / 2023-06-stader-findings

1 stars 1 forks source link

There is no check to see if eth was successfully sent from ValidatorWithdrawalVault to StaderStakePoolsManager. #385

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L46 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L78-L80

Vulnerability details

Impact

Eth may not complete successfully. As a result, the user will not receive their share from the validator.

Tools Used

Manual audit

Recommended Mitigation Steps

Add to StaderStakePoolManager.receiveWithdrawVaultUserShare() function. if(msg.value == 0) revert Error

Assessed type

Token-Transfer

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid