c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
c4-judge
commented
1 year ago Picodes marked the issue as nullified
Picodes
commented
1 year ago Nullified as the issue as actually not been mitigated as shown by the 2 other reports
Mitigated issue
H-06: WstEth derivative assumes a ~1=1 peg of stETH to ETH.
The issue was that
WstEth.withdraw()andWstEth.ethPerDerivative()assume a perfect peg between stETH and ETH, which may cause the slippage to be inaccurately evaluated.Mitigation review
The issue has been mitigated by using the Chainlink stETH/ETH price feed to get the price of stETH instead of implicitly assuming a peg. Negative prices are set to
0byif (chainLinkStEthEthPrice < 0) chainLinkStEthEthPrice = 0;. While it seems all but impossible that the price would ever be negative, if it was it doesn't seem to make sense to assume that it's0. Just letting the conversion revert would make more sense. But this is almost surely not going to happen.Mitigation error: No sanity check on Chainlink response
There are no sanity checks on the Chainlink price feed return data, especially that it is not stale. Here is an overview on this matter. See the error report on this titled "[H-02, H-05, H-06, H-08] mitigation error: No sanity check on Chainlink price feed".