code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-11-stakehouse/blob/main/contracts/liquid-staking/LiquidStakingManager.sol#L1

Vulnerability details

Description

dETH is advertised as fault proof , slash proof ETH https://docs.joinstakehouse.com/protocol/learn/DerivativeStakedAsset However, ETH2 staked deposit can be slashed from 32 down to 0, not just to 24 as would be expected(24 dETH printed). This means dETH is undercollateralized, and indeeds bears the risk of being "paper money" based on no underlying value.

Impact

Users are given an unfair representation of dETH, which may lead them to make incorrect financial decisions.

Recommended Mitigation Steps

Either correct dETH amounts based on real slashed value, or do not brand dETH as slash proof ETH.

c4-judge commented 1 year ago

dmvt marked the issue as duplicate of #427

c4-judge commented 1 year ago

dmvt marked the issue as not a duplicate

c4-judge commented 1 year ago

dmvt marked the issue as duplicate of #164

c4-judge commented 1 year ago

dmvt marked the issue as satisfactory

code-423n4 / 2022-11-stakehouse-findings

dETH are branded as slash proof, but ETH2 slashing could make 32 deposit drop much below 24 (down to 0), making dETH undercollateralized #433

Lines of code

Vulnerability details

Description

Impact

Recommended Mitigation Steps