search

sherlock-audit / 2024-05-napier-update-judging

8 stars 7 forks source link

Albort - When executing RswETHAdapter::_stake(), sending RswETH to the contract might cause the final check to fail. #91

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 5 months ago

Albort

medium

When executing RswETHAdapter::_stake(), sending RswETH to the contract might cause the final check to fail.

Summary

When executing RswETHAdapter::_stake(), sending RswETH to the contract might cause the final check to fail.

Vulnerability Detail

This line of code will fail in edge cases. if (_rswETHAmt == 0) revert InvariantViolation();

Impact

An exception cannot be thrown when the operation RSWETH.deposit{value: stakeAmount}(); fails.

Code Snippet

`function _stake(uint256 stakeAmount) internal override returns (uint256) { if (stakeAmount == 0) return 0;

    IWETH9(Constants.WETH).withdraw(stakeAmount);
    uint256 _rswETHAmt = RSWETH.balanceOf(address(this));
    RSWETH.deposit{value: stakeAmount}();
    _rswETHAmt = RSWETH.balanceOf(address(this)) - _rswETHAmt;
    if (_rswETHAmt == 0) revert InvariantViolation();

    return stakeAmount;
} `

Tool used

Manual Review

Recommendation

Check the address sending tokens to the contract.

sherlock-admin2 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; Vulnerability Detail is not clear.