When relayerFee is increase, all deposits in mintDepositInQueue may fail
Vulnerability Detail
When deposits are queued, it needs to pass minRequiredDeposit(_assets). Assuming relayerFee is then increase, such that is exceeds one of the deposits, then when minRequiredDeposit is called, it will revert due to underflow.
Impact
A malicious actor can monitor the mempool for relayerFee increases, and send a tx with bare minimum deposit, thus disable the entire deposit queue.
datapunk
high
Increasing relayerFee may result in lost funds
Summary
When relayerFee is increase, all deposits in mintDepositInQueue may fail
Vulnerability Detail
When deposits are queued, it needs to pass minRequiredDeposit(_assets). Assuming relayerFee is then increase, such that is exceeds one of the deposits, then when minRequiredDeposit is called, it will revert due to underflow.
Impact
A malicious actor can monitor the mempool for relayerFee increases, and send a tx with bare minimum deposit, thus disable the entire deposit queue.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L78 https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L326
Tool used
Manual Review
Recommendation
In minRequiredDeposit, skip deposits that fall below relayerFee.
Duplicate of #1