Sellers can withdraw token at least two cycle after deposit their token. However they can do it with first transfer token from another account and use requestWithdraw and deposit later token and can withdraw in the same cycle.
Vulnerability Detail
In requestWithdraw it just look balance of SToken and record for two cycle after, how much token can withdraw this account. A user can transfer among accounts and use request withdraw. So user can have a chance to withdraw more token then he has. With that situation user can withdraw token which is deposited in this cycle.
Steps are:
1-First withdraw money and requestWithdraw.
2-After that transferSToken and requestWithdraw for this account too.
3-By this way user has chance to withdraw more money than deposited so a user can deposit money in the next two cycle and can withdraw before it should supposed.
Impact
Normally a user should wait two cycle after deposit their token however they can use tactic as shown above, they can withdraw that deposited money before wait two cycle.
mert_eren
high
Can withdraw money before it supposed to do
Summary
Sellers can withdraw token at least two cycle after deposit their token. However they can do it with first transfer token from another account and use requestWithdraw and deposit later token and can withdraw in the same cycle.
Vulnerability Detail
In requestWithdraw it just look balance of SToken and record for two cycle after, how much token can withdraw this account. A user can transfer among accounts and use request withdraw. So user can have a chance to withdraw more token then he has. With that situation user can withdraw token which is deposited in this cycle. Steps are: 1-First withdraw money and requestWithdraw. 2-After that transferSToken and requestWithdraw for this account too. 3-By this way user has chance to withdraw more money than deposited so a user can deposit money in the next two cycle and can withdraw before it should supposed.
Impact
Normally a user should wait two cycle after deposit their token however they can use tactic as shown above, they can withdraw that deposited money before wait two cycle.
Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L1062
Tool used
Manual Review
Recommendation
After Stoken transfer, users request witdraw can be decreased with same amount of transfer and warning user with that situation can be a solution.
Duplicate of #292