Lucene search

K
code423n4Code4renaCODE423N4:2023-06-STADER-FINDINGS-ISSUES-385
HistoryJun 09, 2023 - 12:00 a.m.

There is no check to see if eth was successfully sent from ValidatorWithdrawalVault to StaderStakePoolsManager.

2023-06-0900:00:00
Code4rena
github.com
5
eth transfer check
validatorwithdrawalvault
staderstakepoolsmanager
user share
manual audit
mitigation steps
token transfer

Lines of code
<https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L78-L80&gt;

Vulnerability details

Impact

Eth may not complete successfully. As a result, the user will not receive their share from the validator.

Tools Used

Manual audit

Recommended Mitigation Steps

Add to StaderStakePoolManager.receiveWithdrawVaultUserShare() function.
if(msg.value == 0) revert Error

Assessed type

Token-Transfer


The text was updated successfully, but these errors were encountered:

All reactions