*/
function depositStETH(Permit calldata permitData, address recipient)
external
restricted
returns (uint256 pufETHAmount)
{
try ERC20Permit(address(_ST_ETH)).permit({
owner: msg.sender,
spender: address(this),
value: permitData.amount,
deadline: permitData.deadline,
v: permitData.v,
s: permitData.s,
r: permitData.r
}) { } catch { }
// Transfer stETH from user to this contract. The amount received here can be 1-2 wei lower than the actual permitData.amount
SafeERC20.safeTransferFrom(IERC20(address(_ST_ETH)), msg.sender, address(this), permitData.amount);
// The PufferDepositor is not supposed to hold any stETH, so we sharesOf(PufferDepositor) to the PufferVault immediately
return PUFFER_VAULT.depositStETH(_ST_ETH.sharesOf(address(this)), recipient);
}
This discrepancy prevents the protocol from staking.
Bauer
medium
PufETHAdapter is unable to stake
Summary
The protocol fails to stake because it does not correctly pass the parameters when calling the
PUFFER_DEPOSITOR.depositStETH()
function.Vulnerability Detail
In the
PufETHAdapter._stake()
function, the protocol callsPUFFER_DEPOSITOR.depositStETH()
to deposit stETH into thePUFFER_DEPOSITOR
contract.It's important to note that
depositStETH()
protocol only passes one argument, whereas thedepositStETH()
function actually requires two arguments. https://etherscan.deth.net/address/0x4aa799c5dfc01ee7d790e3bf1a7c2257ce1dceffThis discrepancy prevents the protocol from staking.
Impact
Staking cannot be performed
Code Snippet
https://github.com/sherlock-audit/2024-05-napier-update/blob/main/napier-uups-adapters/src/adapters/puffer/PufETHAdapter.sol#L82
Tool used
Manual Review
Recommendation
The suggested fix is to pass the correct parameters according to the correct implementation.
Duplicate of #21