/// @notice Deposits ETH into Rocket Pool and mints the corresponding amount of rETH to the caller
function deposit() override external payable onlyThisLatestContract {
// Check deposit settings
RocketDAOProtocolSettingsDepositInterface rocketDAOProtocolSettingsDeposit = RocketDAOProtocolSettingsDepositInterface(getContractAddress("rocketDAOProtocolSettingsDeposit"));
require(rocketDAOProtocolSettingsDeposit.getDepositEnabled(), "Deposits into Rocket Pool are currently disabled");
require(msg.value >= rocketDAOProtocolSettingsDeposit.getMinimumDeposit(), "The deposited amount is less than the minimum deposit size");
Impact
Tranche.issue() may revert @ adapter.prefundedDeposit() Ln if adapter is RETH Adapter.
AuditorPraise
medium
Tranche.issue() may revert @
adapter.prefundedDeposit()
Ln if adapter is RETH Adapter.Summary
Rocket pool deposits could be disabled and this directly affects the functionality of a contract in scope for this audit.
Vulnerability Detail
Tranche.issue() issues Principal Token (PT) and Yield Token (YT) to
to
in exchange forunderlyingAmount
of underlying token.The issue is that the function may revert at Ln 208 if the Adapter is RETH Adapter
this revert will be caused due to RETH Adapter's failure to check if the Rocket pool deposits are enabled before attempting to deposit into it.
see here
Impact
Tranche.issue() may revert @
adapter.prefundedDeposit()
Ln if adapter is RETH Adapter.Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/Tranche.sol#L208
https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/rocketPool/RETHAdapter.sol#L65
Tool used
Manual Review
Recommendation
check in the RETH Adapter if the Rocket pool deposit's are enabled before depositing. If it isn't, look for a way around.