0xrobsol - Incorrect withdrawal distribution due to improper adjustment logic when remaining stETH is below the minimum threshold

[sherlock-admin2]

0xrobsol

Medium

Incorrect withdrawal distribution due to improper adjustment logic when remaining stETH is below the minimum threshold

Summary

The calculateWithdrawals function only adjusts the last two withdrawal requests when the remaining stETH is below the minimum withdrawal threshold. This fails to consider cases where more than two withdrawals require adjustment, leading to incorrect allocation of withdrawal amounts and mismanagement of stETH distribution for users.

Vulnerability Detail

The function’s logic assumes that only the last two withdrawals need adjusting when the remaining stETH is below the MIN_STETH_WITHDRAWAL_AMOUNT. However, if the total withdrawal involves more than two requests, this method leaves earlier withdrawals unadjusted, leading to a misallocation of funds. The lack of dynamic adjustment across all withdrawals creates a risk of users receiving inaccurate withdrawal amounts.

1. Alice requests to withdraw 50,000 stETH.
   The contract splits her withdrawal into 5 full requests of 10,000 stETH each.
   Since there is 0 stETH remaining, no adjustments are needed.
   The withdrawal completes successfully, and Alice receives her correct allocation.

2. Bob requests to withdraw 40,000 stETH.
   The contract splits his withdrawal into 4 full requests of 10,000 stETH each.
   After the first 3 requests, there is 7,500 stETH remaining, which is less than the MIN_STETH_WITHDRAWAL_AMOUNT.
   The contract adjusts only the last two requests, splitting the remaining 7,500 stETH between them.
   This adjustment leaves the earlier withdrawals unchanged, resulting in Bob receiving more or less stETH than he should have.

Impact

This vulnerability can result in incorrect stETH distribution, where users receive either more or less than they are entitled to. This misallocation can lead to financial imbalances and undermine user trust in the protocol. Furthermore, the protocol may risk economic inefficiencies due to underfunded or overfunded withdrawals.

Code Snippet

https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L1215-L1225

Tool used

Manual Review

Recommendation

Implement a dynamic adjustment mechanism that distributes the remaining stETH across all relevant withdrawal requests, not just the last two. By iterating over all withdrawal amounts and adjusting them proportionally, the protocol can ensure more accurate and fair distribution of stETH for users. This will prevent misallocation and maintain the integrity of the withdrawal process.