4 matches found
Bug on e handling of excess ETH deposits
Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...
Adding Block.number to Block.timestamp
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In the highlighted functions, the lastExcessETHDepositBlock is updated every time the function depositETHOverTargetWeight is called because it is set to the last block.number. If the function is called...
PoolSelector.computePoolAllocationForDeposit could return an unfair value.
Lines of code Vulnerability details Impact When calling StaderStakePoolsManager.validatorBatchDeposit, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...
There is no check to see if eth was successfully sent from ValidatorWithdrawalVault to StaderStakePoolsManager.
Lines of code Vulnerability details Impact Eth may not complete successfully. As a result, the user will not receive their share from the validator. Tools Used Manual audit Recommended Mitigation Steps Add to StaderStakePoolManager.receiveWithdrawVaultUserShare function. ifmsg.value == 0 revert...