search

sherlock-audit / 2024-06-leveraged-vaults-judging

9 stars 8 forks source link

BiasedMerc - Kelp vault allows staking of amounts that will be less than minimum required to be redeemable #104

Closed sherlock-admin2 closed 2 months ago

sherlock-admin2 commented 2 months ago

BiasedMerc

Medium

Kelp vault allows staking of amounts that will be less than minimum required to be redeemable

Summary

When Kelp::_startCooldown() calls WithdrawManager.initiateWithdrawal to initiate a withdrawal from Kelp, a check is made on the balance amount that is passed to ensure it is over the minimum withdrawal amount. However during the staking process there is no check to ensure that the final staked amount exceeds this minimum amount, meaning it is possible for users to stake a number of assets that will not be able to be withdrawn.

Vulnerability Detail

Kelp::_startCooldown()

    function _startCooldown() internal override {
        uint256 balance = rsETH.balanceOf(address(this));
        rsETH.approve(address(WithdrawManager), balance);
        // initiate withdraw from Kelp
>       WithdrawManager.initiateWithdrawal(stETH, balance);
    }

When a user wants to initiate a withdrawal from Kelp, WithdrawManager.initiateWithdrawal will be called: WithdrawManager.initiateWithdrawal

    function initiateWithdrawal(
        address asset,
        uint256 rsETHUnstaked
    )
        external
        override
        nonReentrant
        whenNotPaused
        onlySupportedAsset(asset)
        onlySupportedStrategy(asset)
    {
>       if (rsETHUnstaked == 0 || rsETHUnstaked < minRsEthAmountToWithdraw[asset]) revert InvalidAmountToWithdraw();

The passed amount needs to be larger than the minRsEthAmountToWithdraw for the passed asset. For stETH this minimum share amount is:

[ minRsEthAmountToWithdraw(address) method Response ] uint256 : [100000000000000]

However this amount could be increased in the future, which would increase the locked funds amount.

Impact

The Kelp staking flow contains no checks to ensure that the amount being staked by a user will be withdrawable by being larger than the minimum that is enforced in Kelp during withdraw. This can lead to a user's stake being unwithdrawable and those funds being locked until more funds are added. While the current amount is worth around $0.5, with Ether price increases or the minimum increasing this issue's impact will increase.

Code Snippet

Kelp::_startCooldown() WithdrawManager.initiateWithdrawal

Tool used

Manual Review

Recommendation

Ensure that the amount of of RsETH that is staked is above the minimum withdrawal amount, to ensure that user's funds are not locked/ unwithdrawable.

sherlock-admin4 commented 2 months ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

Low/QA at most on user's input mistake