Closed sherlock-admin4 closed 4 months ago
The protocol decided to make pausable entry-point functions (stake and restake) and not some of the exit-point functions (exiting late and withdrawals). In case of an emergency, users will be able to withdraw the staked funds but not to stake again or withdraw rewards. Because this is the intended design of the protocol, this issue is low (invalid).
aman
medium
Add whenNotPause on exitLateById
Summary
The user who has called exitLateById would not be able to stake again because of the whenNotPause modifier on the stake function and no such modifier on exitLateById.
Vulnerability Detail
The protocol allows stakers to un-stake either early or late by calling the earlyExitById or exitLateById function respectively. In case of early exit the staker will pay the penalty fee and withdraw their tokens, while in the other case the staker could withdraw their tokens after the cool down period or re-stake again via the restakeAfterLateExit function. The issue could arise when users want to stake for another Multiplier or have called the exitLateById function mistakenly. In both cases the staker only needs to select a Multiplier whose lock period is greater than either the current lock period or the default lock period. For late exit the user would call exitLateById:
and for restaking
The following case would occur:
exitLateById from current Multiplier which is 1 in our case.
restakeAfterLateExit with index of Multiplier 2.
Test Case:
Place the test case inside RestakeAfterLateExit.t.sol and run with command: forge test --mt testRestakePauseReverts -vvv
Impact
The staker would not be able to re-stake in case the protocol is paused.
Code Snippet
https://github.com/sherlock-audit/2024-05-gamma-staking/blob/main/StakingV2/src/Lock.sol#L349
https://github.com/sherlock-audit/2024-05-gamma-staking/blob/main/StakingV2/src/Lock.sol#L378
Tool used
Manual Review
Recommendation
Either add whenNotPause on exitLateById or allow only the restaking while the protocol is paused.
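The pause asymmetry discussed in this issue, as an added example that is not part of the original report and is not the project's Lock.sol: a simplified Solidity model in which stake and restakeAfterLateExit carry a pause modifier and exitLateById does not. The hand-rolled paused flag and whenNotPaused modifier, the Position struct, setPaused and the Scenario contract are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of the pause asymmetry; NOT the Gamma Lock.sol code.
// Storage layout, cooldown handling and every name except the three
// functions named in the report are assumptions made for illustration.
contract LockModel {
    struct Position { uint256 amount; uint256 multiplier; bool exitedLate; }
    bool public paused;
    address public immutable owner = msg.sender;
    mapping(address => Position) public positions;

    modifier whenNotPaused() { require(!paused, "paused"); _; }

    function setPaused(bool p) external { require(msg.sender == owner, "owner"); paused = p; }

    // Entry point: blocked while paused.
    function stake(uint256 amount, uint256 multiplier) external whenNotPaused {
        positions[msg.sender] = Position(amount, multiplier, false);
    }

    // Exit point: no pause modifier, so it stays callable while paused.
    function exitLateById() external {
        Position storage p = positions[msg.sender];
        require(p.amount > 0 && !p.exitedLate, "no active lock");
        p.exitedLate = true; // cooldown period would start here
    }

    // Entry point: blocked while paused, so a late exit cannot be undone.
    function restakeAfterLateExit(uint256 multiplier) external whenNotPaused {
        Position storage p = positions[msg.sender];
        require(p.exitedLate, "not exited");
        p.multiplier = multiplier;
        p.exitedLate = false;
    }
}

// Scenario: stake on Multiplier 1, pause, exit late, then try to restake on Multiplier 2.
contract Scenario {
    function run() external returns (bool exitWorked, bool restakeBlocked) {
        LockModel lock = new LockModel(); // this contract becomes owner
        lock.stake(100, 1);
        lock.setPaused(true);
        lock.exitLateById(); // not gated by the pause flag
        (, , exitWorked) = lock.positions(address(this));
        try lock.restakeAfterLateExit(2) { restakeBlocked = false; }
        catch { restakeBlocked = true; } // the modifier rejects the call while paused
    }
}
```

Calling Scenario.run() returns whether the late exit went through and whether the restake was rejected while the pause flag was set.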