Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L1-L216
Vulnerability details
Description
The Kelp DAO protocol lacks a critical feature—a withdrawal function. This absence means that users currently have no way to retrieve their deposited assets from the protocol. In the world of decentralized finance (DeFi), where user control and flexibility are paramount, the absence of a withdrawal function can be a significant limitation.
Impact
Inability to Withdraw Deposited Assets: The primary impact of this issue is that users cannot withdraw assets they've deposited into the Kelp DAO protocol. Essentially, this means that once assets are committed, users have no means to initiate withdrawals. This lack of flexibility can be a significant inconvenience.
Reduced User Freedom: The absence of a withdrawal function restricts users within the protocol. They are unable to move their assets as needed, respond to market dynamics, or make strategic decisions based on their financial goals.
Explanation
A withdrawal function is a fundamental component of DeFi protocols. It empowers users by allowing them to access their assets when they need them. Without this feature, users are effectively locked into the protocol, unable to manage their assets according to their preferences.
In the context of Kelp DAO, the absence of a withdrawal function means that once assets are deposited, there's no way to initiate a withdrawal. This limitation can be especially problematic if users want to transfer their assets to other protocols, trade them on external platforms, or adapt to changing market conditions.
Proof of Concept
The absence of a withdrawal function is evident upon reviewing the Kelp DAO protocol's codebase. There is no provision for users to initiate asset withdrawals in the current implementation.
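One way to make this review repeatable is to list a contract's externally callable, state-changing functions and check whether any user-callable exit path exists. The script below is an added example, not code from the report or from the Kelp DAO repository. The sample contract, its function and modifier names, and the name patterns are constructed assumptions, and the regex scan is a heuristic rather than a Solidity parser.

```python
import re

# Constructed sample, NOT the project's source: a pool with a deposit path only.
SAMPLE_SOL = """
contract SamplePool {
    mapping(address => uint256) public balances;
    // function withdraw(uint256 amount) external {}   (commented out: must not count)
    function depositAsset(address asset, uint256 amount) external whenNotPaused {
        _mint(msg.sender, amount);
    }
    function moveToStrategy(address asset, uint256 amount)
        external onlyManager {}
    function emergencyWithdraw(address to) external onlyAdmin {}
    function _mint(address to, uint256 amount) private {}
    function getTotalDeposits(address asset) public view returns (uint256) {}
}
"""

# Name heuristics (assumed conventions; adjust per code base).
ENTRY = re.compile(r"deposit|stake|mint", re.I)
EXIT = re.compile(r"withdraw|redeem|unstake|claim|exit", re.I)
# name, parameter list, then everything up to the body or the terminating ';'
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")

def strip_comments(src):
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit_exit_paths(src):
    """Classify external/public, state-changing functions by role."""
    report = {"entry": [], "exit": [], "restricted_exit": []}
    for name, _params, trailer in FUNC.findall(strip_comments(src)):
        words = set(re.findall(r"\w+", trailer))
        if not words & {"external", "public"} or words & {"view", "pure"}:
            continue  # internal/private or read-only: not a way in or out
        if EXIT.search(name):
            # An 'only*' modifier suggests an admin path, not a user withdrawal.
            gated = any(w.startswith("only") for w in words)
            report["restricted_exit" if gated else "exit"].append(name)
        elif ENTRY.search(name):
            report["entry"].append(name)
    return report

def funds_locked(src):
    """True when users can deposit but have no unrestricted exit function."""
    r = audit_exit_paths(src)
    return bool(r["entry"]) and not r["exit"]

if __name__ == "__main__":
    print(audit_exit_paths(SAMPLE_SOL), "locked:", funds_locked(SAMPLE_SOL))
```

A match on function names only shows that an entry point exists; whether it actually returns the deposited assets still has to be confirmed by reading the function body.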
Recommended Mitigation Steps
To enhance user experience and align with DeFi principles, it is advisable to implement a withdrawal function within the Kelp DAO protocol. This feature would empower users by allowing them to initiate withdrawals of their deposited assets, providing them with much-needed control and flexibility over their holdings. This step would also ensure that the protocol remains in line with the core principles of decentralized finance, where users have full access to their assets within the platform.
Assessed type
Error