Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-06-STADER-FINDINGS-ISSUES-385
HistoryJun 09, 2023 - 12:00 a.m.

There is no check to see if eth was successfully sent from ValidatorWithdrawalVault to StaderStakePoolsManager.

2023-06-0900:00:00
Code4rena
github.com
6
eth transfer check
validatorwithdrawalvault
staderstakepoolsmanager
user share
manual audit
mitigation steps
token transfer
JSON

Lines of code
<https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L78-L80&gt;

Vulnerability details

Impact

Eth may not complete successfully. As a result, the user will not receive their share from the validator.

Tools Used

Manual audit

Recommended Mitigation Steps

Add to StaderStakePoolManager.receiveWithdrawVaultUserShare() function.
if(msg.value == 0) revert Error

Assessed type

Token-Transfer

The text was updated successfully, but these errors were encountered:

All reactions

JSON