From 4a37dae37023a82467504006e7142033fb608dad Mon Sep 17 00:00:00 2001 From: Aleksandr Tarelkin Date: Thu, 7 Nov 2024 14:59:42 +0300 Subject: [PATCH 1/2] strict stETH withdrawal request validation logic --- contracts/Escrow.sol | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/contracts/Escrow.sol b/contracts/Escrow.sol index 24fd9130..ce2a5de7 100644 --- a/contracts/Escrow.sol +++ b/contracts/Escrow.sol @@ -347,9 +347,10 @@ contract Escrow is IEscrow { uint256 minStETHWithdrawalRequestAmount = WITHDRAWAL_QUEUE.MIN_STETH_WITHDRAWAL_AMOUNT(); uint256 maxStETHWithdrawalRequestAmount = WITHDRAWAL_QUEUE.MAX_STETH_WITHDRAWAL_AMOUNT(); - /// @dev This check ensures that even if MIN_STETH_WITHDRAWAL_AMOUNT is set too low, - /// the withdrawal batch request process can still be completed successfully - if (stETHRemaining < Math.max(_MIN_TRANSFERRABLE_ST_ETH_AMOUNT, minStETHWithdrawalRequestAmount)) { + /// @dev The remaining stETH amount must be greater than the minimum threshold to create a withdrawal request. + uint256 remainingStETHThreshold = Math.max(_MIN_TRANSFERRABLE_ST_ETH_AMOUNT, minStETHWithdrawalRequestAmount); + + if (stETHRemaining < remainingStETHThreshold) { return _batchesQueue.close(); } @@ -363,7 +364,7 @@ contract Escrow is IEscrow { stETHRemaining = ST_ETH.balanceOf(address(this)); - if (stETHRemaining < minStETHWithdrawalRequestAmount) { + if (stETHRemaining < remainingStETHThreshold) { _batchesQueue.close(); } } From 21f51b89b0ea0e4f8bc6547cf68fbe968562f5e7 Mon Sep 17 00:00:00 2001 From: Aleksandr Tarelkin Date: Mon, 11 Nov 2024 12:00:04 +0300 Subject: [PATCH 2/2] fix: var naming and comment --- contracts/Escrow.sol | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contracts/Escrow.sol b/contracts/Escrow.sol index ce2a5de7..f4ea64f9 100644 --- a/contracts/Escrow.sol +++ b/contracts/Escrow.sol 
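Review bot: The new `/// @dev` line in the first hunk says the remaining stETH "must be greater than the minimum threshold", but the guard directly below it is `if (stETHRemaining < remainingStETHThreshold)`, so a balance exactly equal to the threshold is allowed to proceed; the comment should match the code, e.g. `/// @dev The remaining stETH amount must be at least the minimum threshold to create a withdrawal request.` The same "greater than" wording is carried over into the reworded comment of the follow-up commit. The old comment's rationale for folding `_MIN_TRANSFERRABLE_ST_ETH_AMOUNT` into the threshold is dropped in this hunk, but the second commit restores it, so nothing further is needed on that point. The enclosing function begins before this hunk.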
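Review bot: The post-request check `if (stETHRemaining < remainingStETHThreshold)` in the second hunk (`@@ -363,7 +364,7 @@`) carries no comment, unlike the first check, so a reader has to work out from the re-read `ST_ETH.balanceOf(address(this))` that this is the leftover-dust case. I would add `/// @dev Re-check the balance left after creating the requests: if it is below the threshold, the next call would close the queue at its first check anyway, so close it now.` Snapshotting the threshold once and reusing it for both checks is the right call, as it keeps the two decisions consistent within a single invocation. The enclosing function starts before this hunk.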
@@ -348,9 +348,12 @@ contract Escrow is IEscrow { uint256 maxStETHWithdrawalRequestAmount = WITHDRAWAL_QUEUE.MAX_STETH_WITHDRAWAL_AMOUNT(); /// @dev The remaining stETH amount must be greater than the minimum threshold to create a withdrawal request. - uint256 remainingStETHThreshold = Math.max(_MIN_TRANSFERRABLE_ST_ETH_AMOUNT, minStETHWithdrawalRequestAmount); + /// Using only `minStETHWithdrawalRequestAmount` is insufficient because it is an external variable + /// that could be decreased independently. Introducing `minWithdrawableStETHAmount` provides + /// an internal safeguard, enforcing a minimum threshold within the contract. + uint256 minWithdrawableStETHAmount = Math.max(_MIN_TRANSFERRABLE_ST_ETH_AMOUNT, minStETHWithdrawalRequestAmount); - if (stETHRemaining < remainingStETHThreshold) { + if (stETHRemaining < minWithdrawableStETHAmount) { return _batchesQueue.close(); } @@ -364,7 +367,7 @@ contract Escrow is IEscrow { stETHRemaining = ST_ETH.balanceOf(address(this)); - if (stETHRemaining < remainingStETHThreshold) { + if (stETHRemaining < minWithdrawableStETHAmount) { _batchesQueue.close(); } }