Open code423n4 opened 1 year ago
0xSorryNotSorry marked the issue as primary issue
elmutt marked the issue as disagree with severity
feels very edge casey for tiny amounts - disagreeing with severity but acknowledging
elmutt marked the issue as sponsor acknowledged
As there is a minimum amount when staking, it makes sense to assume that it's unlikely that someone unstakes tiny amounts, especially as it isn't economically interesting. So downgrading to Low.
Picodes changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L115-L116
Vulnerability details
Impact
User can lose funds when unstaking small amounts of safEth via
unstake
Proof of Concept
SafEth.sol#L115-L116
In line 115 and 116:
The
derivativeAmount
is calculated using the balance of the individual derivatives contract. In the event where if some of the balance of individual derivative tokenderivatives[i].balance()
contracts happens to be less than totalsafEthTotalSupply
minted, the check inif (derivativeAmount == 0) continue;
might mistakenly skip withdrawal especially when the amount unstaked_safEthAmount
by user is sufficiently low as precision loss will causederivativeAmount
to be zero.This leads to safEth burnt but
ethAmountAfter
to be a smaller value than expected. This can lead to loss of funds due to smaller than expectedethAmountToWithdraw
as conversion of safEth to Eth is incorrect when unstaking viaunstake()
. Worst case, if all of the individual derivative tokenderivatives[i].balance()
contracts happens to be less than totalsafEthTotalSupply
minted, then user essentially burns the small amount of safEth without receiving any Eth.Tools Used
Manual Analysis
Recommendation
Some recommendations include: -Implement a check like
require(derivatives[i].balance() * _safEthAmount > safEthTotalSupply)
to only allow unstaking a sufficient amount-Or more extreme, do not allow withdrawing of
derivativeAmount
with a value of 0 within thewithdraw
functions of the derivatives contract to prevent users from both unstaking 0 amount of safEth as well as ensuring that even in the case of precision loss, transaction would revert.