From 7b1acdc37f446aed8344cc6e168a1768d142544a Mon Sep 17 00:00:00 2001
From: Puneet <59960662+puneet2019@users.noreply.github.com>
Date: Fri, 19 Jan 2024 17:17:46 +0530
Subject: [PATCH] =?UTF-8?q?fix:=20users=20can=20be=20prevented=20from=20li?=
 =?UTF-8?q?quid-staking=20funds=20by=20removin=E2=80=A6=20(#728)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: Attackers can prevent users from liquid-staking funds by removing the Deposit entry

* add CHANGELOG.md
---
 CHANGELOG.md                       | 6 +++---
 x/liquidstakeibc/keeper/deposit.go | 8 ++++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8f3a4852..afa5df53b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,14 +41,14 @@ Ref: https://keepachangelog.com/en/1.0.0/
 - [721](https://github.com/persistenceOne/pstake-native/pull/721) Add Query host chain user unbondings.
 
 ### Bug Fixes
-
+- [728](https://github.com/persistenceOne/pstake-native/pull/728) Fix prevent users from liquid-staking funds by removing the Deposit entry.
 - [727](https://github.com/persistenceOne/pstake-native/pull/727) Send LSM redeem messages in chunks.
 - [726](https://github.com/persistenceOne/pstake-native/pull/726) Fix minimal unbondings.
+- [725](https://github.com/persistenceOne/pstake-native/pull/725) Fix Incorrect bookkeeping of validator’s delegated
+  amount upon redelegation
 - [720](https://github.com/persistenceOne/pstake-native/pull/720) Fix unbondings loop.
 - [719](https://github.com/persistenceOne/pstake-native/pull/719) Fix afterEpoch hooks to take LiquidStake feature
   instead of LiquidStakeIBC
-- [725](https://github.com/persistenceOne/pstake-native/pull/725) Fix Incorrect bookkeeping of validator’s delegated
-  amount upon redelegation
 
 ## [v2.8.2] - 2024-01-09
 
diff --git a/x/liquidstakeibc/keeper/deposit.go b/x/liquidstakeibc/keeper/deposit.go
index 3a6d41c25..572fe4bc9 100644
--- a/x/liquidstakeibc/keeper/deposit.go
+++ b/x/liquidstakeibc/keeper/deposit.go
@@ -83,7 +83,10 @@ func (k *Keeper) AdjustDepositsForRedemption(
 
 	for _, deposit := range redeemableDeposits {
 		// there is enough tokens in this deposit to fulfill the redeem request
-		if deposit.Amount.Amount.GT(redeemAmount.Amount) || redeemAmount.IsZero() {
+		if redeemAmount.IsZero() {
+			return nil
+		}
+		if deposit.Amount.Amount.GT(redeemAmount.Amount) {
 			deposit.Amount = deposit.Amount.Sub(redeemAmount)
 			k.SetDeposit(ctx, deposit)
 			return nil
@@ -91,7 +94,8 @@ func (k *Keeper) AdjustDepositsForRedemption(
 
 		// the deposit is not enough to fulfill the redeem request, use it and remove it
 		redeemAmount = redeemAmount.Sub(deposit.Amount)
-		k.DeleteDeposit(ctx, deposit)
+		deposit.Amount = deposit.Amount.Sub(deposit.Amount) // zero coin, let the epoch delete these entries.
+		k.SetDeposit(ctx, deposit)
 	}
 
 	return nil