code-423n4 / 2023-11-kelp-findings

attacker can prevent users from depositing assets #319

Closed c4-submissions closed 10 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L119
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L133

Vulnerability details

In depositAsset(), the amount that users can stake is limited to a certain amount of an asset depending on EigenLayer. A malicious user can front-run a user deposit transaction with an amount to make the pool reach the deposit limit, so the user transaction will revert due to the limit being reached. The malicious user can later withdraw his assets in future upgrades when withdraw is implemented.

Impact

The main function of the protocol is impacted.

Tools Used

Manual Review

Recommended Mitigation Steps

Limit the amount that can be deposited by a single user.

Assessed type

DoS
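
The ordering dependence described in the report, as a simplified Python model added here (it is not the LRTDepositPool contract and not code from the report). The class, names, limits and amounts are assumptions, and `per_user_limit` models the recommended mitigation.

```python
# Added illustration: a simplified model, not the LRTDepositPool contract.
from dataclasses import dataclass, field
from typing import Dict, Optional


class DepositRevert(Exception):
    """Stands in for a reverted transaction."""


@dataclass
class CappedPool:
    deposit_limit: int                     # global cap for one asset (assumed value)
    per_user_limit: Optional[int] = None   # recommended mitigation; None = not applied
    total: int = 0
    balances: Dict[str, int] = field(default_factory=dict)

    def deposit(self, sender: str, amount: int) -> None:
        if amount <= 0:
            raise DepositRevert("zero amount")
        if self.total + amount > self.deposit_limit:
            raise DepositRevert("global deposit limit reached")
        held = self.balances.get(sender, 0)
        if self.per_user_limit is not None and held + amount > self.per_user_limit:
            raise DepositRevert("per-user limit reached")
        self.balances[sender] = held + amount
        self.total += amount


def replay(pool, txs):
    """Apply (sender, amount) transactions in block order; return each outcome."""
    outcomes = []
    for sender, amount in txs:
        try:
            pool.deposit(sender, amount)
            outcomes.append((sender, "ok"))
        except DepositRevert as exc:
            outcomes.append((sender, "revert: %s" % exc))
    return outcomes


# Constructed scenario: 100 units of headroom, a 100-unit deposit ordered first.
BLOCK = [("filler", 100), ("user", 10)]


def global_cap_only():
    return replay(CappedPool(deposit_limit=100), BLOCK)


def with_per_user_cap():
    return replay(CappedPool(deposit_limit=100, per_user_limit=25), BLOCK)
```
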

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

raymondfam commented 11 months ago

Inadequate elaboration as described in #92.

c4-pre-sort commented 11 months ago

raymondfam marked the issue as primary issue

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Insufficient proof

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid