Open c4-submissions opened 11 months ago
Will add check for zero amounts
I cannot label this one for some reason, but this feels like a Low priority and confirming
0xleastwood marked the issue as confirmed for report
0xleastwood marked the issue as satisfactory
0xleastwood marked the issue as not confirmed for report
0xleastwood marked the issue as confirmed for report
0xleastwood marked the issue as nullified
0xleastwood marked the issue as not confirmed for report
0xleastwood marked the issue as not nullified
0xleastwood marked the issue as satisfactory
Lines of code
Vulnerability details
Mitigation of H-02: Issue mitigated with ERROR
Mitigated issue
H-02: Zero amount withdrawals of SafEth or Votium will brick the withdraw process
The issue was that withdrawing afEth might imply a withdrawal of 0 safEth or vAfEth, which reverts.
Mitigation review
In the case of withdrawing 0 safEth, the call to SafEth.unstake() is now skipped in AfEth.withdraw(). In the case of withdrawing 0 vAfEth,
AfEth.requestWithdraw()
still callsVotiumStrategy.requestWithdraw(0)
. When finalizing the withdrawal withAfEth.withdraw()
, which callsVotiumStrategy.withdraw()
, a check is made to only callsellCvx()
with nonzero amounts. The request and withdrawal will thus not revert.Mitigation error
Since a
VotiumStrategy.requestWithdraw(0)
is still placed, this queues it to the end of all previous withdrawal requests (as if an infinitesimal amount is to be withdrawn), incurring an artificially prolonged withdrawal time.