Top 7 mistakes that lead to prompt injection you must avoid
This article explains the most common engineering and security mistakes that increase prompt injection risk, and how to avoid them when building LLM-powered systems. […]
Under specific conditions, user deposits will always revert.
When a user deposits funds through RestakeManager, the function checks the withdraw buffer and fill it if it is below the buffer target determined by bufferToFill.
If it needs to be filled, line RestakeManager#L547 checks whether the transferred _amount is less than or equal to bufferToFill.
bufferToFill = (_amount <= bufferToFill) ? _amount : bufferToFill;
The case where _amount is equal to bufferToFill is incorrectly handled as after subtraction the _amount value will be 0 RestakeManager#L549.
_amount -= bufferToFill;That leads to a revert during operatorDelegator.deposit line RestakeManager#L562, as it will not be able to pass the requirement for tokenAmount in OperatorDelegator#L147
if (address(tokenStrategyMapping[token]) == address(0x0) || tokenAmount == 0)MEDIUM – Under specific conditions, user deposits will always revert.
Handle separately the case in which the entire _amount goes towards filling the bufferToFill (_amount == bufferToFill).
If the amount equals 0 after paying bufferToFill, do not try to deposit it to operatorDelegator, allocate the appropriate amount of tokens to the user.
Meet Composable Security
Get throughly tested by the creators of Smart Contract Security Verification Standard
Let us help
Get throughly tested by the creators of Smart Contract Security Verification Standard