Call to `stETH.submit` inside `DepositWrapper` without checking staking rate limits lead do DOS of deposits

Summary

Lido has staking rate limit causing the submit function to revert if amount is greater than the available limit.

Vulnerability Detail

Lido has a limit of 150,000 ETH per 24H for deposit of ETH. This can cause the ISteth(steth).submit{value: amount}(address(0)); call to revert if the limit is hit.

Impact

Call to deposit with token == weth or token == address(0) (ETH) will revert

Code Snippet

https://github.com/sherlock-audit/2024-06-mellow/blob/main/mellow-lrt/src/utils/DepositWrapper.sol#L31-L31

File: src/utils/DepositWrapper.sol
30:     function _ethToWsteth(uint256 amount) private returns (uint256) {
31:❌      ISteth(steth).submit{value: amount}(address(0));
32:         return _stethToWsteth(amount);
33:     }
34:

Tool used

Manual review

Recommendation

Add a check to Lido.getCurrentStakeLimit() and cap the deposit to that value if amount currentStakeLimit>

sherlock-audit / 2024-06-mellow-judging

infect3d - Call to `stETH.submit` inside `DepositWrapper` without checking staking rate limits lead do DOS of deposits #273

Call to `stETH.submit` inside `DepositWrapper` without checking staking rate limits lead do DOS of deposits

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2024-06-mellow-judging

infect3d - Call to `stETH.submit` inside `DepositWrapper` without checking staking rate limits lead do DOS of deposits #273

Call to stETH.submit inside DepositWrapper without checking staking rate limits lead do DOS of deposits

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Call to `stETH.submit` inside `DepositWrapper` without checking staking rate limits lead do DOS of deposits