This repository has been archived by the owner on Oct 1, 2023. It is now read-only.
AlexCzm - Users can avoid paying depositFee #463
Comments
github-actions
bot
added
High
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
AlexCzm
high
Users can avoid paying depositFee
Summary
Users can deposit in queue (passing epochId == 0) and and call
mintDepositInQueuein same transaction to avoid paying any fees.Vulnerability Detail
When using the Carousel an user can choose to make a direct deposit (eg. in the next available epoch id) or a queue deposit, pushing the deposit information into
depositQueue.When epochId != 0 a
depositFeeis paid totreasury.But when epoch id == 0
depositQueueis updated. CallingmintDepositInQueuewill mint the corresponding shares to the rightful depositors. No deposit fee is paid to treasury.An user can deposit to epoch 0 and in same transaction to call
mintDepositInQueueto ensure no deposit fee is paid and he receive back the relayerFee.Impact
Protocol will not receive the deposit fees.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L470-L501
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L310-L355
Tool used
Manual Review
Recommendation
Direct deposit fee is calculated linearly between time of epoch creation and epoch starting. Since queue depositors have no informational advantage a fixed % fee for epoch 0 deposits can be applied in this case.
Duplicate of #75
The text was updated successfully, but these errors were encountered: