Closed sherlock-admin3 closed 4 months ago
Albort
medium
When executing RswETHAdapter::_stake(), sending RswETH to the contract might cause the final check to fail.
This line of code will fail in edge cases. if (_rswETHAmt == 0) revert InvariantViolation();
if (_rswETHAmt == 0) revert InvariantViolation();
An exception cannot be thrown when the operation RSWETH.deposit{value: stakeAmount}(); fails.
`function _stake(uint256 stakeAmount) internal override returns (uint256) { if (stakeAmount == 0) return 0;
IWETH9(Constants.WETH).withdraw(stakeAmount); uint256 _rswETHAmt = RSWETH.balanceOf(address(this)); RSWETH.deposit{value: stakeAmount}(); _rswETHAmt = RSWETH.balanceOf(address(this)) - _rswETHAmt; if (_rswETHAmt == 0) revert InvariantViolation(); return stakeAmount; } `
Manual Review
Check the address sending tokens to the contract.
1 comment(s) were left on this issue during the judging contest.
z3s commented:
Invalid; Vulnerability Detail is not clear.
Albort
medium
When executing RswETHAdapter::_stake(), sending RswETH to the contract might cause the final check to fail.
Summary
When executing RswETHAdapter::_stake(), sending RswETH to the contract might cause the final check to fail.
Vulnerability Detail
This line of code will fail in edge cases.
if (_rswETHAmt == 0) revert InvariantViolation();
Impact
An exception cannot be thrown when the operation RSWETH.deposit{value: stakeAmount}(); fails.
Code Snippet
`function _stake(uint256 stakeAmount) internal override returns (uint256) { if (stakeAmount == 0) return 0;
Tool used
Manual Review
Recommendation
Check the address sending tokens to the contract.