Incorrect withdrawal distribution due to improper adjustment logic when remaining stETH is below the minimum threshold
Summary
The calculateWithdrawals function only adjusts the last two withdrawal requests when the remaining stETH is below the minimum withdrawal threshold. This fails to consider cases where more than two withdrawals require adjustment, leading to incorrect allocation of withdrawal amounts and mismanagement of stETH distribution for users.
Vulnerability Detail
The function’s logic assumes that only the last two withdrawals need adjusting when the remaining stETH is below the MIN_STETH_WITHDRAWAL_AMOUNT. However, if the total withdrawal involves more than two requests, this method leaves earlier withdrawals unadjusted, leading to a misallocation of funds. The lack of dynamic adjustment across all withdrawals creates a risk of users receiving inaccurate withdrawal amounts.
Alice requests to withdraw 50,000 stETH.
The contract splits her withdrawal into 5 full requests of 10,000 stETH each.
Since there is 0 stETH remaining, no adjustments are needed.
The withdrawal completes successfully, and Alice receives her correct allocation.
Bob requests to withdraw 40,000 stETH.
The contract splits his withdrawal into 4 full requests of 10,000 stETH each.
After the first 3 requests, there is 7,500 stETH remaining, which is less than the MIN_STETH_WITHDRAWAL_AMOUNT.
The contract adjusts only the last two requests, splitting the remaining 7,500 stETH between them.
This adjustment leaves the earlier withdrawals unchanged, resulting in Bob receiving more or less stETH than he should have.
Impact
This vulnerability can result in incorrect stETH distribution, where users receive either more or less than they are entitled to. This misallocation can lead to financial imbalances and undermine user trust in the protocol. Furthermore, the protocol may risk economic inefficiencies due to underfunded or overfunded withdrawals.
Implement a dynamic adjustment mechanism that distributes the remaining stETH across all relevant withdrawal requests, not just the last two. By iterating over all withdrawal amounts and adjusting them proportionally, the protocol can ensure more accurate and fair distribution of stETH for users. This will prevent misallocation and maintain the integrity of the withdrawal process.
0xrobsol
Medium
Incorrect withdrawal distribution due to improper adjustment logic when remaining stETH is below the minimum threshold
Summary
The calculateWithdrawals function only adjusts the last two withdrawal requests when the remaining stETH is below the minimum withdrawal threshold. This fails to consider cases where more than two withdrawals require adjustment, leading to incorrect allocation of withdrawal amounts and mismanagement of stETH distribution for users.
Vulnerability Detail
The function’s logic assumes that only the last two withdrawals need adjusting when the remaining stETH is below the MIN_STETH_WITHDRAWAL_AMOUNT. However, if the total withdrawal involves more than two requests, this method leaves earlier withdrawals unadjusted, leading to a misallocation of funds. The lack of dynamic adjustment across all withdrawals creates a risk of users receiving inaccurate withdrawal amounts.
Alice requests to withdraw 50,000 stETH. The contract splits her withdrawal into 5 full requests of 10,000 stETH each. Since there is 0 stETH remaining, no adjustments are needed. The withdrawal completes successfully, and Alice receives her correct allocation.
Bob requests to withdraw 40,000 stETH. The contract splits his withdrawal into 4 full requests of 10,000 stETH each. After the first 3 requests, there is 7,500 stETH remaining, which is less than the MIN_STETH_WITHDRAWAL_AMOUNT. The contract adjusts only the last two requests, splitting the remaining 7,500 stETH between them. This adjustment leaves the earlier withdrawals unchanged, resulting in Bob receiving more or less stETH than he should have.
Impact
This vulnerability can result in incorrect stETH distribution, where users receive either more or less than they are entitled to. This misallocation can lead to financial imbalances and undermine user trust in the protocol. Furthermore, the protocol may risk economic inefficiencies due to underfunded or overfunded withdrawals.
Code Snippet
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L1215-L1225
Tool used
Manual Review
Recommendation
Implement a dynamic adjustment mechanism that distributes the remaining stETH across all relevant withdrawal requests, not just the last two. By iterating over all withdrawal amounts and adjusting them proportionally, the protocol can ensure more accurate and fair distribution of stETH for users. This will prevent misallocation and maintain the integrity of the withdrawal process.