Description

The staking manager makes some assumptions about underlying vault behavior that may not be true. For instance, it treats the LP token balance as increasing (except during withdrawals). However, Definitive is permitted to perform exits and decrease that balance.

Impact

Violation of these assumptions might cause user funds to become locked. In staking manager withdrawal functions, withdrawals are always accompanied by exits:

/**
 * @dev Withdraw tokens from Definitive vault end-to-end (exit + withdraw)
 */
function withdrawFromDefinitive(
  uint8 _index,
  uint256 lpTokens
) private returns (uint256) {
  IERC20 underlying = IERC20(underlyingTokenAddresses[_index]);

  // 1. Exit from the strategy via LP Tokens
  uint256 underlyingAmount = definitiveVault.exitOne(lpTokens, 0, _index);

  // 2. Withdraw from the vault
  definitiveVault.withdraw(underlyingAmount, address(underlying));
  
  return underlyingAmount;
}

Since exiting and withdrawing are done together, there is no way to withdraw funds that are unstaked.

Those with ROLE_DEFINITIVE have permissions to unstake funds into the underlying vault. Additionally, as mentioned in , they are able to withdraw vault funds into the staking manager too.

These situations will create unstaked funds that cannot be withdrawn.

Recommendations

As a mitigation, Rainmaker could provide users the ability to redeposit and reenter funds if they get stuck in either the underlying vault or the staking manager.

Additionally, the vault is not immune to losses: it is possible for unfavorable conditions to cause a net decrease in LP token balance. This may result in shares that cannot be withdrawn. Rainmaker should document such risks.

Remediation

Rainmaker added functionality for restaking such funds in commit .