When calling the depositSTETH function through PUFFER_DEPOSITOR it will fail in PufETHAdapter contract because of usage of different versions.
Vulnerability Detail
The main cause of this issue is depositSTETH function doesnt have a recipient so the function will revert because napier PufETHAdapter is using v1 of puffethdepositor instead of v2 which has been updated recently which adds a recipent address parameter.
As we can see the pufETH has been upgraded to v2 https://github.com/PufferFinance/pufETH/releases/tag/v2.0.0
function _stake(uint256 stakeAmount) internal override returns (uint256) {
if (stakeAmount == 0) return 0;
uint256 stakeLimit = STETH.getCurrentStakeLimit();
if (stakeAmount > stakeLimit) {
// Cap stake amount
stakeAmount = stakeLimit;
}
IWETH9(Constants.WETH).withdraw(stakeAmount);
uint256 _stETHAmt = STETH.balanceOf(address(this));
STETH.submit{value: stakeAmount}(address(this));
_stETHAmt = STETH.balanceOf(address(this)) - _stETHAmt;
if (_stETHAmt == 0) revert InvariantViolation();
// Stake stETH to PufferDepositor
uint256 _pufETHAmt = PUFFER_DEPOSITOR.depositStETH(Permit(block.timestamp, _stETHAmt, 0, 0, 0)); // no recepient
if (_pufETHAmt == 0) revert InvariantViolation();
return stakeAmount;
}
here is the v2 version
/**
* @inheritdoc IPufferDepositorV2
*/
function depositStETH(Permit calldata permitData, address recipient)
external
restricted
returns (uint256 pufETHAmount)
{
try ERC20Permit(address(_ST_ETH)).permit({
owner: msg.sender,
spender: address(this),
value: permitData.amount,
deadline: permitData.deadline,
v: permitData.v,
s: permitData.s,
r: permitData.r
}) { } catch { }
// Transfer stETH from user to this contract. The amount received here can be 1-2 wei lower than the actual permitData.amount
SafeERC20.safeTransferFrom(IERC20(address(_ST_ETH)), msg.sender, address(this), permitData.amount);
// The PufferDepositor is not supposed to hold any stETH, so we sharesOf(PufferDepositor) to the PufferVault immediately
return PUFFER_VAULT.depositStETH(_ST_ETH.sharesOf(address(this)), recipient);
}
karsar
high
PufETHAdapter fails when trying to stake stETH
Summary
When calling the depositSTETH function through
PUFFER_DEPOSITOR
it will fail in PufETHAdapter contract because of usage of different versions.Vulnerability Detail
The main cause of this issue is depositSTETH function doesnt have a recipient so the function will revert because
napier PufETHAdapter is using v1 of puffethdepositor instead of v2 which has been updated recently which adds a recipent address parameter
. As we can see the pufETH has been upgraded to v2 https://github.com/PufferFinance/pufETH/releases/tag/v2.0.0here is the v2 version
Impact
Dos of users
Code Snippet
[https://github.com/sherlock-audit/2024-05-napier-update/blob/main/napier-uups-adapters/src/adapters/puffer/PufETHAdapter.sol#L66-L87]()
Tool used
Manual Review
Recommendation
Duplicate of #21