This repository has been archived by the owner on Nov 24, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
no - Checking RSETH_DEPOSIT_POOL.minAmountToDeposit()
in RsETHAdapter::_stake()
causes Dos
#46
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Comments
Such DoS doesn't meat requirements. This is because
|
sherlock-admin3
added
Sponsor Disputed
The sponsor disputed this issue's validity
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
and removed
Sponsor Disputed
The sponsor disputed this issue's validity
Sponsor Confirmed
The sponsor acknowledged this issue is valid
labels
May 21, 2024
github-actions
bot
added
the
Excluded
Excluded by the judge without consulting the protocol or the senior
label
May 22, 2024
1 comment(s) were left on this issue during the judging contest. z3s commented:
|
it's not because It can happens when depositing small amount. It's because stakeAmount is calculated by |
sherlock-admin2
changed the title
Great Seafoam Reindeer - Checking
no - Checking May 24, 2024
RSETH_DEPOSIT_POOL.minAmountToDeposit()
in RsETHAdapter::_stake()
causes DosRSETH_DEPOSIT_POOL.minAmountToDeposit()
in RsETHAdapter::_stake()
causes Dos
sherlock-admin3
removed
the
Will Fix
The sponsor confirmed this issue will be fixed
label
May 27, 2024
WangSecurity
added
the
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
label
Jun 1, 2024
After the discussions on escalation on #54, this report will be the main issue of a new family. |
This was referenced Jun 1, 2024
sherlock-admin2
added
Reward
A payout will be made for this issue
and removed
Non-Reward
This issue will not receive a payout
labels
Jun 1, 2024
sherlock-admin4
removed
the
Excluded
Excluded by the judge without consulting the protocol or the senior
label
Jun 2, 2024
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
no
high
Checking
RSETH_DEPOSIT_POOL.minAmountToDeposit()
inRsETHAdapter::_stake()
causes DosSummary
Checking
RSETH_DEPOSIT_POOL.minAmountToDeposit()
inRsETHAdapter::_stake()
causes DosVulnerability Detail
The _stake will revert in the condition that the stakeAmount is less than
RSETH_DEPOSIT_POOL.minAmountToDeposit()
, which is 100000000000000. This could always happens. Because stakeAmount is not the user's input, it is calculate by this protocal.The stakeAmount could be any small value. The users deposit right value using Tranche, but could revert, and they don't konw why.
Impact
The users deposit right value using Tranche, but could revert, and they don't konw why.
Code Snippet
https://github.com/sherlock-audit/2024-05-napier-update/blob/main/napier-uups-adapters/src/adapters/kelp/RsETHAdapter.sol#L77-L77
Tool used
Manual Review
Recommendation
The text was updated successfully, but these errors were encountered: