Category: Coding Mistakes

Allowing users to deposit zero amount

Severity: Informational
Impact: Informational
Likelihood: Low

Description

In StakeManager, the depositBTC function is used to deposit users' funds. However, the function does not check whether msg.value is zero, so a user can call it with a msg.value of zero.

Impact

A malicious user could call the deposit function with a zero amount, which would trigger the emission of a Deposit event. If an event tracker is monitoring these events, this could lead to inaccuracies in event tracking.

Recommendations

Consider adding a require statement to check the amount of msg.value.
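
A minimal Solidity sketch of the recommended check, added here as an example; it is not the audited StakeManager code or the fix from the commit referenced below. The contract name, the Deposit event signature, the deposited mapping and the depositBTCUnchecked name are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: the real StakeManager's storage layout, event
// signature and accounting are not shown in the finding and are assumed here.
contract StakeManagerSketch {
    // Assumed event shape; the audited contract's Deposit event may differ.
    event Deposit(address indexed user, uint256 amount);

    // Hypothetical per-user accounting, present only so the sketch compiles.
    mapping(address => uint256) public deposited;

    // Behaviour described in the finding: msg.value is never checked, so a
    // zero-value call changes no balance but still emits a Deposit log that
    // off-chain trackers will count as a deposit.
    function depositBTCUnchecked() external payable {
        deposited[msg.sender] += msg.value;
        emit Deposit(msg.sender, msg.value);
    }

    // Recommended form: reject zero-value calls before any state change or
    // event emission, so every Deposit log corresponds to a real transfer.
    function depositBTC() external payable {
        require(msg.value > 0, "StakeManager: zero deposit");
        deposited[msg.sender] += msg.value;
        emit Deposit(msg.sender, msg.value);
    }
}
```

Because the require reverts the whole transaction, a zero-value call leaves no Deposit log at all, which is what keeps off-chain event counts consistent with on-chain balances.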

Remediation

This issue has been acknowledged by Hydrogen Labs, and a fix was implemented in commit 06a64a53.

Zellic © 2024