Open c4-submissions opened 12 months ago
Lines of code

Vulnerability details

Original Issue

Details

afETH.price() relies on safETH.approxPrice() and vEthStrategy.price(), as seen below:

// afETH.price()
function price() public view returns (uint256) {
    if (totalSupply() == 0) return 1e18;
    AbstractStrategy vEthStrategy = AbstractStrategy(vEthAddress);
    uint256 safEthValueInEth = (ISafEth(SAF_ETH_ADDRESS).approxPrice(true) *
        safEthBalanceMinusPending()) / 1e18;
    uint256 vEthValueInEth = (vEthStrategy.price() *
        vEthStrategy.balanceOf(address(this))) / 1e18;
    return ((vEthValueInEth + safEthValueInEth) * 1e18) / totalSupply();
}

vEthStrategy.price() allows the staleness of the price feed by simply not validating it:

// vEthStrategy.price()
function price() external view override returns (uint256) {
    return (cvxPerVotium() * ethPerCvx(false)) / 1e18;
}

Mitigation

The fix proposed is about validating the price feed to prevent any staleness.
Fully mitigated within the following PR.

Conclusion

0xleastwood marked the issue as confirmed for report
0xleastwood marked the issue as satisfactory
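
A sketch of the kind of staleness validation the mitigation refers to, added here as an example; it is not the project's code or the code from the PR. It assumes the CVX/ETH price comes from a Chainlink-style aggregator with 18 decimals and that the boolean passed to ethPerCvx selects validation; the contract name, MAX_AGE and the error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Chainlink aggregator interface, reduced to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt,
        uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical contract: the feed type, names and MAX_AGE are assumptions.
contract ValidatedCvxPrice {
    AggregatorV3Interface public immutable cvxEthFeed; // assumed CVX/ETH feed
    uint256 public constant MAX_AGE = 25 hours; // assumed heartbeat plus margin

    error StalePrice(uint256 updatedAt);
    error InvalidPrice(int256 answer);

    constructor(AggregatorV3Interface feed) {
        cvxEthFeed = feed;
    }

    // validate == false is the unchecked read: any age of answer is accepted.
    function ethPerCvx(bool validate) public view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = cvxEthFeed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);
        // updatedAt == 0 (round never completed) also fails this check.
        if (validate && block.timestamp - updatedAt > MAX_AGE) {
            revert StalePrice(updatedAt);
        }
        return uint256(answer);
    }

    // Validated counterpart of price(); cvxPerVotium is passed in as a
    // stand-in for the strategy's own accounting, which is not modelled here.
    function price(uint256 cvxPerVotium) external view returns (uint256) {
        return (cvxPerVotium * ethPerCvx(true)) / 1e18;
    }
}
```

Because the validated read reverts on a stale round, every caller that prices through it (including an aggregate such as afETH.price()) reverts as well, so callers need to treat that revert as "no price available" rather than fall back to the last value.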