You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 1, 2023. It is now read-only.
sherlock-admin opened this issue
Mar 27, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
A user can bypass the deposit fee by depositing in the queue and immediately minting Deposit In Queue.
Vulnerability Detail
The Carousel is designed to charge a deposit fee when a depositor deposits directly. The deposit fee is calculated linearly based on the time between the epoch creation and the epoch start (later deposits pay higher fees). However, a user can deposit late without paying any deposit fee by:
Waiting until before the epoch start, queuing a deposit (Carousel.deposit) and minting Deposit In Queue (Carousel.mintDepositInQueue) immediately (this can be done atomically in one transaction).
Late depositors can exploit their informational advantage and avoid paying the deposit fee. This creates an unfair and unbalanced situation that allows them to profit at the expense of other depositors.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
ast3ros
medium
[M-5] Deposit fee can be bypassed by user
Summary
A user can bypass the deposit fee by depositing in the queue and immediately minting Deposit In Queue.
Vulnerability Detail
The Carousel is designed to charge a deposit fee when a depositor deposits directly. The deposit fee is calculated linearly based on the time between the epoch creation and the epoch start (later deposits pay higher fees). However, a user can deposit late without paying any deposit fee by:
Carousel.deposit
) and minting Deposit In Queue (Carousel.mintDepositInQueue
) immediately (this can be done atomically in one transaction).A user can do it because:
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L495-L499
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L331-L350
mintDepositInQueue
can be called by anyone, so the user can call this function to execute the deposit immediately and receive the relayerFee.https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L310-L355
Impact
Late depositors can exploit their informational advantage and avoid paying the deposit fee. This creates an unfair and unbalanced situation that allows them to profit at the expense of other depositors.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L495-L499
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L310-L355
Tool used
Manual Review
Recommendation
Some potential solutions are:
Duplicate of #75
The text was updated successfully, but these errors were encountered: