Open sherlock-admin4 opened 5 months ago
The protocol team fixed this issue in the following PRs/commits: https://github.com/napierfi/napier-uups-adapters/pull/16 https://github.com/napierfi/napier-v1/pull/220
An edge case was found in the proposed fix. _stake() could still revert if RSETH_DEPOSIT_POOL.minAmountToDeposit() returns 0. This has been fixed in a new PR: https://github.com/napierfi/napier-uups-adapters/pull/23
The Lead Senior Watson signed off on the fix.
zzykxx
medium
Adapters revert when 0 shares are minted, making it impossible to deposit under certain conditions
Summary
Users are unable to deposit into an Adapter in some situations due to the _stake() function reverting.
Vulnerability Detail
The function _stake() in all of the in-scope adapters reverts if the amount of minted shares of the targeted protocol is 0.
Funds are deposited in an adapter via the prefundedDeposit() function, which internally calls _stake() by passing the amount to stake in the protocol, stakeAmount:
The amount to stake in the protocol, stakeAmount, can be restricted to availableEth. If availableEth/stakeAmount is low enough (but not 0) for the targeted protocol to mint 0 shares all of the adapters in-scope will revert by throwing an InvariantViolation(); error:
Impact
Users won't be able to deposit funds if the stakeAmount is not enough to mint at least 1 share. The protocol generally allows users to deposit both when stakeAmount is 0 and when the maximum deposit cap has been reached on the target protocol, which is inconsistent with the behaviour outlined in this report.
A similar finding was disclosed in the previous Napier contest.
Code Snippet
Tool used
Manual Review
Recommendation
The function _stake() in the adapters should ensure that the shares minted are at least 1 before actually depositing the funds. This might introduce a lot of overhead for the calculations; an alternative solution is to have the _stake() functions always return 0 if stakeAmount is lower than a certain (small) threshold:
If going for a different fix please note that the EETHAdapter will actually revert on the internal call to deposit() if 0 shares are minted, instead of in the adapter.
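The zero-share revert and the threshold guard from the Recommendation, as an added example that is not part of the original report and is not the Napier adapters' code. MockPool, AdapterBase, RevertingAdapter, ThresholdAdapter, stake() and MIN_STAKE are hypothetical names with constructed values; only _stake() and InvariantViolation() are taken from the report, and the return value of _stake() (the amount actually staked) is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Constructed stand-in for a target protocol whose share math rounds down.
contract MockPool {
    uint256 public totalAssets = 3 ether; // constructed: one share is worth 3 wei
    uint256 public totalShares = 1 ether;

    function deposit() external payable returns (uint256 shares) {
        shares = (msg.value * totalShares) / totalAssets; // 1 or 2 wei -> 0 shares
        totalAssets += msg.value;
        totalShares += shares;
    }
}

abstract contract AdapterBase {
    error InvariantViolation();
    MockPool internal immutable pool;

    constructor(MockPool _pool) { pool = _pool; }

    function _stake(uint256 stakeAmount) internal virtual returns (uint256);

    /// Simplified stand-in for the deposit path: stake whatever ETH was sent.
    function stake() external payable returns (uint256) { return _stake(msg.value); }
}

/// Behaviour described in the report: a dust stakeAmount reverts the whole deposit.
contract RevertingAdapter is AdapterBase {
    constructor(MockPool p) AdapterBase(p) {}

    function _stake(uint256 stakeAmount) internal override returns (uint256) {
        if (stakeAmount == 0) return 0;
        uint256 shares = pool.deposit{value: stakeAmount}();
        if (shares == 0) revert InvariantViolation(); // stake{value: 2}() ends here
        return stakeAmount;
    }
}

/// Recommended shape: below a small threshold, stake nothing and report 0.
contract ThresholdAdapter is AdapterBase {
    uint256 internal constant MIN_STAKE = 1000; // hypothetical threshold, in wei

    constructor(MockPool p) AdapterBase(p) {}

    function _stake(uint256 stakeAmount) internal override returns (uint256) {
        if (stakeAmount < MIN_STAKE) return 0; // dust stays in the adapter, no revert
        uint256 shares = pool.deposit{value: stakeAmount}();
        if (shares == 0) revert InvariantViolation(); // kept as a backstop
        return stakeAmount;
    }
}
```

The guard only removes the revert while MIN_STAKE stays above the price of one share in the target protocol, so the threshold has to be chosen with the protocol's exchange rate in mind.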