Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/06/09 12:0 a.m.10 views

Bug on e handling of excess ETH deposits

Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.9 views

Adding Block.number to Block.timestamp

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In the highlighted functions, the lastExcessETHDepositBlock is updated every time the function depositETHOverTargetWeight is called because it is set to the last block.number. If the function is called...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.17 views

PoolSelector.computePoolAllocationForDeposit could return an unfair value.

Lines of code Vulnerability details Impact When calling StaderStakePoolsManager.validatorBatchDeposit, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.11 views

There is no check to see if eth was successfully sent from ValidatorWithdrawalVault to StaderStakePoolsManager.

Lines of code Vulnerability details Impact Eth may not complete successfully. As a result, the user will not receive their share from the validator. Tools Used Manual audit Recommended Mitigation Steps Add to StaderStakePoolManager.receiveWithdrawVaultUserShare function. ifmsg.value == 0 revert...

6.8AI score
Exploits0
Rows per page
Query Builder