Closed c4-submissions closed 10 months ago
raymondfam marked the issue as insufficient quality report
Inadequate elaboration as described in #92.
raymondfam marked the issue as primary issue
fatherGoose1 marked the issue as unsatisfactory: Insufficient proof
fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L119
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L133
Vulnerability details
In depositAsset() the amount that users can stake is limited to a certain amount of an asset depending on EigenLayer. A malicious user can front-run a user's deposit transaction with an amount that makes the pool reach the deposit limit, so the user's transaction will revert due to the limit being reached. The malicious user can later withdraw his assets in future upgrades when withdraw is implemented.
Impact
The main function of the protocol is impacted.
Tools Used
Manual Review
Recommended Mitigation Steps
Limit the amount that can be deposited by a single user.
Assessed type
DoS