search

code-423n4 / 2023-06-stader-findings

1 stars 1 forks source link

NodeELRewardVault won't emit events upon rewards receival #402

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/9f1fc1217510b4f78e59c0fe854a3c2b64db963a/contracts/NodeELRewardVault.sol#L20

Vulnerability details

The receive function in NodeELRewardVault expects deposits from node rewards to emit the ETHReceived function. However, a block reward doesn't trigger any EVM code on the address.

Impact

Any indexing system depending on this event will fail to correctly account for the Ether received in proxies with implementation of NodeELRewardVault

Proof of Concept

Recommended Mitigation Steps

Stop relying on ETHReceived for indexing rewards.

Assessed type

ETH-Transfer

c4-judge commented 1 year ago

Picodes changed the severity to QA (Quality Assurance)