The contract does not implement a withdrawal delay or cooldown period, which could be a design choice but might also expose the system to liquidity risks if many users decide to withdraw simultaneously.
Vulnerability Detail
function requestWithdrawal() external virtual nonReentrant onlyRebalancer {
if (requestId != 0) revert WithdrawalPending();
uint256 targetBufferEth = (totalAssets() * targetBufferPercentage) / BUFFER_PERCENTAGE_PRECISION;
// If the buffer exceeds the target buffer, revert.
// If the buffer is insufficient, request a withdrawal to refill the buffer.
// note: use `>=` instead of `>` to prevent amount of ETH to withdraw to be 0
// note: At this point, `withdrawalQueueEth` is 0 because there is no pending withdrawal request.
// `nonStakedEth` = `bufferEth` + 0 = `bufferEth`
uint256 bufferEthCache = bufferEth;
if (bufferEthCache >= targetBufferEth) revert BufferTooLarge();
unchecked {
// Ensure that `withdrawAmount` is non-zero and withdrawalQueueEth is zero.
uint256 withdrawAmount = targetBufferEth - bufferEthCache; // no underflow
/// WRITE & INTERACT ///
// Record the pending withdrawal request
// Request a withdrawal
bareli
medium
No withdraw delay or cooldown period,
Summary
Vulnerability Detail
function requestWithdrawal() external virtual nonReentrant onlyRebalancer { if (requestId != 0) revert WithdrawalPending();
@> (uint256 queueAmount, uint256 _requestId) = _requestWithdrawal(withdrawAmount); withdrawalQueueEth = queueAmount.toUint128(); requestId = _requestId; } }
Impact
the system to liquidity risks if many users decide to withdraw simultaneously.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/BaseLSTAdapter.sol#L179
Tool used
Manual Review
Recommendation
implement withdrawal delay or cooldown period