search

sherlock-audit / 2024-05-napier-update-judging

8 stars 7 forks source link

Drynooo - EEtherAdapter's staking functionality may not be available #62

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 5 months ago

Drynooo

medium

EEtherAdapter's staking functionality may not be available

Summary

Since ETHERFI_LP has a whitelist function, if the whitelist function is turned on, EEtherAdapter's staking functionality may not be available.

Vulnerability Detail

ETHERFI has a whitelist. This affects the normal functionality of the EEtherAdapter and is a normal and non-malicious operation of the ETHERFI administrator. So I think this is worth reporting.

Impact

EEtherAdapter's staking functionality may not be available

Code Snippet

    // Used by eETH staking flow
    function deposit() external payable returns (uint256) {
        return deposit(address(0));
    }

    // Used by eETH staking flow
    function deposit(address _referral) public payable whenNotPaused returns (uint256) {
        require(_isWhitelisted(msg.sender), "Invalid User");

Tool used

Manual Review

Recommendation

It is recommended to use try for deposit.

sherlock-admin2 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

z3s commented:

Low/Info; Protocols contracts integrate with are TRUSTED.