Closed sherlock-admin2 closed 7 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
It would be a user mistake not to check how much is stakeLimit and stake more than the limit
takarez commented:
valid: medium(9)
LTDingZhen
medium
Users will lose their WETH if Lido stake limit is reached because there is no refund mechanism on prefundedDeposit.
Summary
When staked ETH in Lido approaches the limit, users' WETH will be frequently locked in the contract.
Vulnerability Detail
In StEtherAdapter, when users/Tranches try to prefundedDeposit into LidoAdapter, they have to prefund their WETH into the adapter, but if Lido stake limit is reached, the portion of their WETH that exceeds the limit would be locked in the contract:
Impact
When staked ETH in Lido approaches the limit, users' WETH will be frequently locked in the contract, and can be taken by a frontrunner when they can be deposited into Lido.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/adapters/BaseLSTAdapter.sol#L133
Tool used
Manual Review
Recommendation
Add a refund mechanism to make sure no WETH is left in the contract.
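The accounting gap described in this report, and the effect of the recommended refund, as an added example that is not Napier's or Lido's code. The `AdapterModel` class, the 1:1 share crediting, the user name and all amounts are assumptions made for illustration.

```python
# Simplified model (assumption): amounts are plain integers and shares are
# credited 1:1 for the amount actually staked. Not the project's contract logic.
from dataclasses import dataclass, field


@dataclass
class AdapterModel:
    refund_excess: bool            # False = behaviour described in the report
    stake_limit: int               # remaining stake limit (constructed value)
    weth_held: int = 0             # WETH sitting in the adapter
    staked: int = 0
    shares: dict = field(default_factory=dict)
    refunded: dict = field(default_factory=dict)

    def prefund(self, amount: int) -> None:
        """Caller transfers WETH to the adapter before calling deposit."""
        self.weth_held += amount

    def prefunded_deposit(self, user: str) -> int:
        """Stake what the limit allows; return the WETH left in the adapter."""
        assets = self.weth_held
        to_stake = min(assets, self.stake_limit)   # capped by the stake limit
        self.stake_limit -= to_stake
        self.staked += to_stake
        self.weth_held -= to_stake
        self.shares[user] = self.shares.get(user, 0) + to_stake
        excess = assets - to_stake
        if self.refund_excess and excess:
            # Recommended behaviour: hand the unstaked portion back.
            self.weth_held -= excess
            self.refunded[user] = self.refunded.get(user, 0) + excess
        return self.weth_held


def run(refund_excess: bool) -> AdapterModel:
    # Constructed scenario: 100 units prefunded while only 60 can be staked.
    adapter = AdapterModel(refund_excess=refund_excess, stake_limit=60)
    adapter.prefund(100)
    adapter.prefunded_deposit("alice")
    return adapter


def accounted(adapter: AdapterModel, deposited: int) -> bool:
    """Invariant: every prefunded unit is either credited or refunded."""
    credited = sum(adapter.shares.values())
    return credited + sum(adapter.refunded.values()) == deposited
```

An invariant of the `accounted` form is what a unit or fuzz test for a refund path would assert after each deposit.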