Closed c4-submissions closed 1 year ago
0xleastwood marked the issue as duplicate of #34
0xleastwood marked the issue as satisfactory
0xleastwood changed the severity to 3 (High Risk)
0xleastwood marked the issue as partial-50
Partial credit because it is lacking additional information about impact.
0xleastwood removed the grade
> Partial credit because it is lacking additional information about impact.

What information about impact is missing? The main issue #34 explains the calculation chain such that the invalid Chainlink response implies an invalid VotiumStrategy price, which implies an invalid afEth price, which implies an invalid mint amount. This is precisely the impact stated here as well.
Noted.
0xleastwood marked the issue as full credit
0xleastwood marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-09-asymmetry/blob/6b4867491350f8327d0ac4f496f263642cf3c1be/contracts/strategies/votium/VotiumStrategy.sol#L32

Vulnerability details

Impact
`AfEth.deposit()` may mint an incorrect amount of afEth.
`VotiumStrategy.price()` may return an incorrect price of vAfEth.
`AfEth.price()` may return an incorrect price of afEth.

Proof of Concept
`VotiumStrategy.price()` calls `ethPerCvx(false)`, where `false` means the Chainlink response is not validated. `VotiumStrategy.price()` may thus return an invalid value.
`VotiumStrategy.price()` is used by `AfEth.price()` in the calculation of the price of afEth. Both of these `price()` functions are used in `AfEth.deposit()` to calculate the amount of afEth to mint. If the Chainlink response is invalid, an incorrect amount of afEth may thus be minted instead of reverting.

Recommended Mitigation Steps
`ethPerCvx(true)` is used in the far less critical `AfEth.depositRewards()`. It should be used here as well.

Assessed type
Invalid Validation
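For illustration, the sketch below (an added example, not the Asymmetry contracts) shows the usual shape of an `ethPerCvx(bool)` whose flag gates the Chainlink sanity checks, and why the unvalidated path lets a bad answer flow into a price. The contract name, the 25-hour staleness window, the `price()` body and an 18-decimal feed are assumptions; the feed interface is Chainlink's `AggregatorV3Interface`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch for illustration; not the project's code.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract EthPerCvxSketch {
    AggregatorV3Interface public immutable cvxEthFeed;
    uint256 public constant MAX_STALENESS = 25 hours; // assumed window; feed-specific in practice

    error InvalidChainlinkResponse();

    constructor(AggregatorV3Interface feed) {
        cvxEthFeed = feed;
    }

    /// @notice ETH per CVX read from the feed. With validate == false the raw
    /// answer is returned unchecked, which is the path the finding objects to.
    function ethPerCvx(bool validate) public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            cvxEthFeed.latestRoundData();
        if (validate) {
            if (answer <= 0) revert InvalidChainlinkResponse();            // zero or negative answer
            if (updatedAt == 0 || block.timestamp - updatedAt > MAX_STALENESS) {
                revert InvalidChainlinkResponse();                         // stale round
            }
            if (answeredInRound < roundId) revert InvalidChainlinkResponse(); // incomplete round
        }
        // Without the checks a negative answer wraps to a huge uint256 and a zero
        // answer becomes a zero price; either value propagates into whatever is
        // derived from it (vAfEth price, afEth price, amount minted) instead of reverting.
        return uint256(answer);
    }

    /// @notice vAfEth price in ETH given the CVX backing per vAfEth (18 decimals).
    /// Calls the validated read, i.e. the mitigation the finding recommends.
    function price(uint256 cvxPerVAfEth) external view returns (uint256) {
        return (cvxPerVAfEth * ethPerCvx(true)) / 1e18;
    }
}
```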