Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-10-ETHENA-FINDINGS-ISSUES-566
HistoryOct 30, 2023 - 12:00 a.m.

StakedUSDe contract allows attackers to steal staked USDe tokens of soft-restricted users

2023-10-3000:00:00
Code4rena
github.com
5
stakedusde
token theft
soft-restricted users
vulnerability
_checkminshares() modifier
attacker
shares

AI Score

6.9

Confidence

Low

JSON

Lines of code

Vulnerability details

Description

The modifier called _checkMinShares() that is used to ensure that there is always a small non-zero amount of shares in circulation. This is to prevent a donation attack, where an attacker donates a small amount of USDe tokens to the contract and then withdraws all of the assets, leaving the other stakers with no shares.

However, the _checkMinShares() modifier is not called when soft-restricted users withdraw their tokens. This means that an attacker could soft-restrict a user and then withdraw all of their tokens, leaving the user with no shares.

The vulnerability occurs because the _checkMinShares() modifier is only called when tokens are deposited or withdrawn from the contract. However, it is not called when soft-restricted users withdraw their tokens. This is because the _withdraw() function for soft-restricted users is different from the _withdraw() function for other users.

The _withdraw() function for soft-restricted users simply burns their shares and transfers the underlying USDe tokens to them. This does not trigger the _checkMinShares() modifier.

As a result, an attacker could soft-restrict a user and then withdraw all of their tokens. This would leave the user with no shares in the contract.

Impact

This vulnerability could allow an attacker to steal a significant amount of money from users of the StakedUSDe contract. The attacker could soft-restrict users with large amounts of staked USDe tokens and then withdraw all of their tokens.

Steps to reproduce

  • Soft-restrict a user.
  • Withdraw all of the user’s tokens.
  • The user will now have no shares in the contract.

Expected result

  • The user should still have shares in the contract, even if they are soft-restricted.

Actual result

  • The user will have no shares in the contract.

Recommendation

The StakedUSDe contract should be updated to call the _checkMinShares() modifier when soft-restricted users withdraw their tokens. This will prevent the attacker from stealing the user’s shares.

Assessed type

Other

The text was updated successfully, but these errors were encountered:

All reactions

AI Score

6.9

Confidence

Low

JSON