Closed sherlock-admin2 closed 4 months ago
https://github.com/sherlock-audit/2024-05-napier-update-judging/issues/54 will be duplicated with https://github.com/sherlock-audit/2024-05-napier-update-judging/issues/46, hence, this report will also be duplicated with https://github.com/sherlock-audit/2024-05-napier-update-judging/issues/46.
PNS
medium
Incorrect staking limit check in
RsETHAdapter
Summary
The adapter checks the staking limit using a closed condition
<=
, which results in a deposit equal to the minimum deposit being rejected. However, this is not accurate behavior for the integrated protocol.Vulnerability Detail
https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-uups-adapters/src/adapters/kelp/RsETHAdapter.sol#L77
The issue arises because the integrated protocol considers the minimum deposit as acceptable.
https://github.com/Kelp-DAO/LRT-rsETH/blob/e75e9ef168a7b192abf76869977cd2ac8134849c/contracts/LRTDepositPool.sol#L200C51-L200C69
Impact
The minimum deposit amount for a user attempting to deposit into the KelpDAO protocol will always be rejected.
Code Snippet
Tool used
Manual Review
Recommendation
The condition should be changed to an open
<
.Additional info:
Medium severity because in the function documentation
_stake
, it is described that limits should be checked to prevent DoS. Since only the update is audited and not the entire protocol, it is difficult to assess the specific DoS, but it should be assumed that checking the limits should be accurate and consistent with the integrated protocol.Duplicate of #46