search

sherlock-audit / 2024-05-napier-update-judging

8 stars 7 forks source link

fandonov - The `RenzoAdapter.sol` contract doesn't check for the current staking limit in the `_stake` function #18

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 5 months ago

fandonov

medium

The RenzoAdapter.sol contract doesn't check for the current staking limit in the _stake function

Summary

The RenzoAdapter.sol contract is supposed to check the current staking limit in the _stake function to prevent Denial of Service but it doesn't.

Vulnerability Detail

As it is said in the natspec the _stake function needs to check the current staking limit to prevent DoS but it doesn't. When the stakeAmount is specified if it is more than the current staking limit, the function is supposed to set the stakeAmount as the staking limit. By doing this the function prevents DoS. But in this case, the _stake function doesn't have the check for the current staking limit and the stakeAmount can be whatever is specified which can be way more than the staking limit.

Impact

Not having the check for the current staking limit in the function can lead to DoS. The attacker can overwhelm the network by sending more traffic that depletes the memory and bandwidth of the server.

Code Snippet

https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-uups-adapters/src/adapters/renzo/RenzoAdapter.sol#L58-L70

Tool used

Manual Review

Recommendation

Put a check in the function which checks if the stakeAmount is more than the stakeLimit and if it is make the stakeAmount the same as the stakeLimit.

This is an example of how it can be done:

        uint256 stakeLimit = EZETH.getCurrentStakeLimit();
        if (stakeAmount > stakeLimit) {
            // Cap stake amount
            stakeAmount = stakeLimit;
        }

Duplicate of #24

massun-onibakuchi commented 5 months ago

Could you provide links where rzETH limits stake amount?

IronsideSec commented 5 months ago

Could you provide links where rzETH limits stake amount?

https://etherscan.io/address/0xbaacd5f849024dcc80520baa952f11adfc59f9d0#code#F1#L558 Line 558 on https://etherscan.deth.net/address/0xbaacd5f849024dcc80520baa952f11adfc59f9d0