Dug - Deposit fee can be bypassed

[sherlock-admin]

Dug

medium

Deposit fee can be bypassed

Summary

A user can bypass the deposit fee by joining the deposit queue and then immediately minting their position into the next epoch.

Vulnerability Detail

In Carousel.sol there is an elaborate deposit fee system designed as follows:

deposit fee is calculated linearly between time of epoch creation and epoch starting (deposit window) this is because late depositors have an informational advantage

However, this deposit fee can easily be bypassed using the deposit queue.

When a user makes a deposit to an epoch with an _id of 0 the fee is bypassed and they are added directly to the depositQueue.

if (_id != 0) {
    ...
} else {
    depositQueue.push(
        QueueItem({assets: _assets, receiver: _receiver, epochId: _id})
    );

    emit DepositInQueue(msg.sender, _receiver, _id, _assets);
}

Because the depositQueue is FIFO, the user can immediately call mintDepositInQueue to pop their deposit off the queue and mint their position into the next epoch.

Impact

This vulnerability makes it so a user to bypass the deposit fee and mint their position into the next epoch. This allows the user to gain an informational advantage over other users who are forced to pay the deposit fee.

Code Snippet

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L465-L501

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L306-L355

Tool used

Manual Review

Recommendation

As it is, the deposit fee system does not seem to meet it's design objectives. How and when fees are applied should be re-evaluated.

Duplicate of #75