The _stake function in the PufETHAdapter will always fail
Summary
The PufETHAdapter smart contract attempts to call the depositStETH function in the Puffer Depositor smart contract, but as indicated in the title, this call will always fail.
Vulnerability Detail
Here's what happens when a user calls the issue function in Tranche.sol with the PufETHAdapter adapter:
merlin
medium
The _stake function in the PufETHAdapter will always fail
Summary
The
PufETHAdapter
smart contract attempts to call thedepositStETH
function in thePuffer Depositor
smart contract, but as indicated in the title, this call will always fail.Vulnerability Detail
Here's what happens when a user calls the
issue
function inTranche.sol
with thePufETHAdapter
adapter:The
PufETHAdapter
interacts withPUFFER_DEPOSITOR
(0x4aA799C5dfc01ee7d790e3bf1a7C2257CE1DcefF
) and makes the following call:However, if we look at the
depositStETH
function, it takes two arguments:Therefore, the
depositStETH
call will always fail because the function is being called with only one argument, missing theaddress recipient
.Impact
Users cannot make deposits into the Puffer protocol.
Code Snippet
src/adapters/puffer/PufETHAdapter.sol#L82
Tool used
Manual Review
Recommendation
Consider calling the
depositStETH
function with two arguments:Permit permitData
andaddress recipient
.Duplicate of #21