Possible to prevent triple deposits

[0xfuje]

Severity

Medium

Impact

Denial of service for particular triples of the targeted user

Description

The depositTriple() function of EthMultiVault allows an user to deposit assets to a triple vault. However a malicious actor may prevent deposits (especially if large) if he spends generalConfig.minDeposit. This is because he can deposit to the triple's counter vault for the receiver who intends to deposit, which will make the initial user's deposit fail.

EthMultiVault.sol - depositTriple()

    function depositTriple(address receiver, uint256 id)
        external
        payable
        nonReentrant
        whenNotPaused
        returns (uint256)
    {
        if (!isTripleId(id)) {
            revert Errors.MultiVault_VaultNotTriple();
        }

        if (_hasCounterStake(id, receiver)) { 
            revert Errors.MultiVault_HasCounterStake();
        }

        if (msg.value < generalConfig.minDeposit) {
            revert Errors.MultiVault_MinimumDeposit();
        }

        uint256 protocolFees = protocolFeeAmount(msg.value, id);
        uint256 userDepositAfterProtocolFees = msg.value - protocolFees;

        // deposit eth into vault and mint shares for the receiver
        uint256 shares = _deposit(receiver, id, userDepositAfterProtocolFees);

        _transferFeesToProtocolVault(protocolFees);

        // distribute atom shares for all 3 atoms that underly the triple
        uint256 atomDepositFraction = atomDepositFractionAmount(userDepositAfterProtocolFees, id);
        _depositAtomFraction(id, receiver, atomDepositFraction);

        return shares;
    }

Attack scenario

1. User calls depositTriple() for himself 0x1 and id of 1 with 10 ETH
2. Attacker front-runs the call and deposits in the opposite vault of the id for the 0x1 user with the minimum deposit amount
3. User's TX executes and reverts because the _hasCounterStake() checker will fail