The _checkMinShares() modifier is used to ensure that there is always a small non-zero amount of shares in circulation. This is to prevent a donation attack, where an attacker donates a small amount of USDe tokens to the contract and then withdraws all of the assets, leaving the other stakers with no shares.
However, the _checkMinShares() modifier is not called when soft-restricted users withdraw their tokens. This means that an attacker could soft-restrict a user and then withdraw all of their tokens, leaving the user with no shares.
The vulnerability occurs because the _checkMinShares() modifier is only called when tokens are deposited or withdrawn from the contract. However, it is not called when soft-restricted users withdraw their tokens. This is because the _withdraw() function for soft-restricted users is different from the _withdraw() function for other users.
The _withdraw() function for soft-restricted users simply burns their shares and transfers the underlying USDe tokens to them. This does not trigger the _checkMinShares() modifier.
As a result, an attacker could soft-restrict a user and then withdraw all of their tokens. This would leave the user with no shares in the contract.
This vulnerability could allow an attacker to steal a significant amount of money from users of the StakedUSDe contract. The attacker could soft-restrict users with large amounts of staked USDe tokens and then withdraw all of their tokens.
Expected result
Actual result
The StakedUSDe contract should be updated to call the _checkMinShares() modifier when soft-restricted users withdraw their tokens. This will prevent the attacker from stealing the user's shares.
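One way to make the minimum-shares check impossible to skip is to run it inside the single internal routine that every exit path uses. The sketch below is an added example, not the StakedUSDe source: the contract name, `MIN_SHARES` value, `redeemRestricted()` and the bookkeeping-only asset accounting are assumptions, and `_checkMinShares()` is written as an internal function rather than a modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Simplified share ledger constructed for illustration (no token transfers).
contract MinSharesLedger {
    uint256 public constant MIN_SHARES = 1 ether; // assumed threshold
    uint256 public totalShares;
    uint256 public totalAssets;
    mapping(address => uint256) public sharesOf;

    error MinSharesViolation();

    /// Invariant: share supply is either zero or at least MIN_SHARES.
    function _checkMinShares() internal view {
        if (totalShares > 0 && totalShares < MIN_SHARES) revert MinSharesViolation();
    }

    function deposit(uint256 assets) external returns (uint256 shares) {
        // First deposit mints 1:1; later deposits mint pro rata.
        shares = totalShares == 0 ? assets : (assets * totalShares) / totalAssets;
        totalAssets += assets;
        totalShares += shares;
        sharesOf[msg.sender] += shares;
        _checkMinShares();
    }

    /// Regular exit path.
    function redeem(uint256 shares) external returns (uint256 assets) {
        assets = _burnShares(msg.sender, shares);
    }

    /// Hypothetical second exit path (for example, for a restricted role).
    /// It cannot bypass the invariant because it has no burn logic of its own.
    function redeemRestricted(uint256 shares) external returns (uint256 assets) {
        assets = _burnShares(msg.sender, shares);
    }

    /// The only place shares are destroyed; the check runs after state changes,
    /// so a burn that would leave a dust supply reverts the whole call.
    function _burnShares(address owner, uint256 shares) private returns (uint256 assets) {
        assets = (shares * totalAssets) / totalShares;
        sharesOf[owner] -= shares;
        totalShares -= shares;
        totalAssets -= assets;
        _checkMinShares();
    }
}
```

When reviewing a real vault, the equivalent audit step is to list every function that mints or burns shares and confirm each one reaches the minimum-shares check before returning.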
Other