PufETHAdapter use wrong deposit function signature from outdated depositor interface
Summary
The PufETHAdapter contract in the _stake function uses the Puffer protocol's depositor to deposit funds via the depositStETH() function. However, the function signature used in the local interface does not match the current version deployed on the mainnet, leading to potential issues when calling the function.
Vulnerability Detail
The PufETHAdapter relies on a local interface for the depositor, which is initialized with a constant address. However, the contract at this address has been updated to a new version (v2), where the function signature of depositStETH() has been changed and does not inherit from the previous version.
In the local interface, the depositStETH() function is assumed to have the signature from v1, but the contract on the mainnet now has a different signature in v2.
And the expected correct function signature in the updated v2 contract:
67: function depositStETH(Permit calldata permitData, address recipient)
Tool used
Manual Review
Recommendation
Update the Adapter to Match the New Interface
Update the Local Interface: Ensure that the local interface used in PufETHAdapter matches the function signatures of the updated v2 contract.
Modify the _stake Function: Adjust the _stake function in PufETHAdapter to use the correct function signature for depositStETH(), including the additional recipient parameter.
By ensuring that the PufETHAdapter uses the correct function signatures, the protocol can prevent failed transactions and maintain proper functionality.
PNS
medium
PufETHAdapter
use wrong deposit function signature from outdated depositor interfaceSummary
The
PufETHAdapter
contract in the_stake
function uses the Puffer protocol's depositor to deposit funds via thedepositStETH()
function. However, the function signature used in the local interface does not match the current version deployed on the mainnet, leading to potential issues when calling the function.Vulnerability Detail
The
PufETHAdapter
relies on a local interface for the depositor, which is initialized with a constant address. However, the contract at this address has been updated to a new version (v2), where the function signature ofdepositStETH()
has been changed and does not inherit from the previous version.In the local interface, the
depositStETH()
function is assumed to have the signature from v1, but the contract on the mainnet now has a different signature in v2.Constant Initialization and Local Interface:
https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-uups-adapters/src/Constants.sol#L19
Incorrect Function Call in
_stake
:https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-uups-adapters/src/adapters/puffer/PufETHAdapter.sol#L82
Updated Function Signature in v2:
The mismatch in function signatures can lead to failed transactions when attempting to deposit assets using the
PufETHAdapter
.proxy:
https://etherscan.io/address/0x4aa799c5dfc01ee7d790e3bf1a7c2257ce1dceff#readProxyContract
implementation:
https://etherscan.io/address/0x8c9517a9e99c74cd072a118d3dc6b4f3217f8b9b#code
Impact
This vulnerability can cause deposit transactions to fail, preventing users from depositing their assets as intended (DoS).
Code Snippet
Here is the incorrect function call in the
PufETHAdapter
:And the expected correct function signature in the updated v2 contract:
Tool used
Manual Review
Recommendation
Update the Adapter to Match the New Interface
Update the Local Interface: Ensure that the local interface used in
PufETHAdapter
matches the function signatures of the updated v2 contract.Modify the
_stake
Function: Adjust the_stake
function inPufETHAdapter
to use the correct function signature fordepositStETH()
, including the additionalrecipient
parameter.Example of Corrected Code
Updated Local Interface:
Corrected
_stake
Function:By ensuring that the
PufETHAdapter
uses the correct function signatures, the protocol can prevent failed transactions and maintain proper functionality.Duplicate of #21