search

sherlock-audit / 2024-01-napier-judging

9 stars 6 forks source link

AuditorPraise - SFrxETHAdapter._stake() fails to check if `submit` is paused for frxETHMinter. #53

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

AuditorPraise

medium

SFrxETHAdapter._stake() fails to check if submit is paused for frxETHMinter.

Summary

submit could be paused in the frxETHMinter at the time when SFrxETHAdapter._stake() is attempted and such scenarios isn't taken care of.

Vulnerability Detail

here is a code snippet from frxETHMinter on ETherscan and it has a require statement to ensure a revert whenever submitPaused == true. see here

   /// @notice Mint frxETH to the recipient using sender's funds. Internal portion
    function _submit(address recipient) internal nonReentrant {
        // Initial pause and value checks
        require(!submitPaused, "Submit is paused");
        require(msg.value != 0, "Cannot submit 0");

The issue is that this is completedly neglected by SFrxETHAdapter._stake() as it doesn't check if the submitPaused is set to TRUE in the frxETHMinter, before attempting to submit in SFrxETHAdapter._stake().

function _stake(uint256 stakeAmount) internal override returns (uint256) {
        IWETH9(Constants.WETH).withdraw(stakeAmount);
        FRXETH_MINTER.submit{value: stakeAmount}(); //@audit-issue   submit could be paused for frxETHMinter..
        uint256 received = STAKED_FRXETH.deposit(stakeAmount, address(this));
        if (received == 0) revert InvariantViolation();

        return stakeAmount;
    }

Impact

whenever submitPaused is set to TRUE in the frxETHMinter, prefundedDeposit will likely always revert for SFrxETHAdapter. this will DOS tranche.issue() if adapter is SFrxETHAdapter

Code Snippet

https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/frax/SFrxETHAdapter.sol#L74

Tool used

Manual Review

Recommendation

in SFrxETHAdapter._stake() check the frxETHMinter if submitPaused is set to TRUE and look for a way to handle such scenarios in a way that it wouldn't affect SFrxETHAdapter's prefundedDeposit. So as to avoid DOS whenever it is called by Tranche.issue()

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Invalid. External pausing is acceptable according to Readme