Upgraded Q -> 2 from #19 [1685157301242]

c4-judge commented 1 year ago

Judge has assessed an item in Issue #19 as 2 risk. The relevant finding follows:

The first staker of the wxETH can get all the unlocked rewards immediately in the same block. code lines: https://github.com/code-423n4/2023-05-xeth/blob/main/src/wxETH.sol#L202-L216

For the first staker of the wxETH, the totalSupply of the wxETH is 0. So he can wrap the xETH to wxETH as 1:1.

function exchangeRate() public view returns (uint256) { /// @dev if there are no tokens minted, return the initial exchange rate uint256 _totalSupply = totalSupply(); if (_totalSupply == 0) { return INITIAL_EXCHANGE_RATE; } If the drip is started before the first staker, the unlocked funds can be withdrew immediately in the same block by calling unstake.

c4-judge commented 1 year ago

kirk-baird marked the issue as duplicate of #23

c4-judge commented 1 year ago

kirk-baird marked the issue as satisfactory

code-423n4 / 2023-05-xeth-findings

Upgraded Q -> 2 from #19 [1685157301242] #39