Open c4-submissions opened 8 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #34
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as duplicate of #215
fatherGoose1 marked the issue as unsatisfactory: Invalid
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/oracles/ChainlinkPriceOracle.sol#L37-L39
https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/LRTOracle.sol#L45-L47
https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/LRTOracle.sol#L68
Vulnerability details
Summary
According to Chainlink's documentation, the `latestAnswer` function is deprecated. `latestAnswer` does not throw an error when there is no answer but returns 0, which can lead to a wrong price calculation or to 0 rsETH being minted after depositing assets.
Vulnerability details
A user can call `depositAsset` in `LRTDepositPool`. This computes the amount of rsETH to be minted from the oracle prices:

```solidity
// excerpt: depositAsset
uint256 rsethAmountMinted = _mintRsETH(asset, depositAmount);
// excerpt: _mintRsETH
(rsethAmountToMint) = getRsETHAmountToMint(_asset, _amount);
// excerpt: getRsETHAmountToMint, where both prices come from the oracle
rsethAmountToMint = (amount * lrtOracle.getAssetPrice(asset)) / lrtOracle.getRSETHPrice();
```

When `latestAnswer` returns 0, this causes a division by zero error in the scenario above.
Impact
Use of a deprecated Chainlink function. From the Chainlink docs about `latestAnswer`: "THIS FUNCTION IS DEPRECATED. DO NOT USE THIS FUNCTION". Link to the documentation: https://docs.chain.link/data-feeds/api-reference#latestanswer
Tools used
VScode, Manual Review, Chainlink docs
Recommendations
It is recommended to use Chainlink's `latestRoundData()` function to get the price instead. It is also recommended to add checks on the returned data, with proper revert messages, for the cases where the price is stale or the round is incomplete. From the Chainlink docs:
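As an added example (not the Kelp code and not part of this report), here is the deprecated call placed beside the recommended replacement, with the checks the recommendation asks for. The two interfaces are minimal copies of Chainlink's aggregator interfaces so the contract compiles stand-alone; the feed addresses, the 1 hour staleness window, the contract name and the custom error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal copies of the relevant Chainlink aggregator interfaces (assumption: only the
// functions used below are declared).
interface AggregatorInterface {
    function latestAnswer() external view returns (int256);
}

interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Illustrative oracle wrapper (hypothetical, not the Kelp LRTOracle).
contract PriceFeedExample {
    error ZeroPrice(address feed);
    error StalePrice(address feed, uint256 updatedAt, uint256 maxAge);
    error IncompleteRound(address feed, uint80 roundId, uint80 answeredInRound);

    /// @dev Assumed staleness window; a real deployment sets this per feed from the feed's heartbeat.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    /// @notice The pattern the report describes: whatever the feed reports is returned as-is,
    ///         including 0 when there is no answer, with no revert.
    function getAssetPriceDeprecated(address feed) external view returns (uint256) {
        return uint256(AggregatorInterface(feed).latestAnswer());
    }

    /// @notice Hardened version: latestRoundData plus explicit reverts on a zero or negative
    ///         answer, an incomplete round, or a stale update.
    function getAssetPrice(address feed) public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            AggregatorV3Interface(feed).latestRoundData();

        // A feed with no answer yet reports 0; a negative value is never a valid price here.
        if (answer <= 0) revert ZeroPrice(feed);
        // updatedAt == 0 means the round has not completed; answeredInRound < roundId means
        // the answer was carried over from an earlier round (a check from older Chainlink guidance).
        if (updatedAt == 0 || answeredInRound < roundId) {
            revert IncompleteRound(feed, roundId, answeredInRound);
        }
        // Written as an addition to avoid an underflow if updatedAt is ahead of block.timestamp.
        if (updatedAt + MAX_PRICE_AGE < block.timestamp) {
            revert StalePrice(feed, updatedAt, MAX_PRICE_AGE);
        }

        return uint256(answer);
    }

    /// @notice Mint calculation shaped like the report's excerpt. The divisor can no longer be 0,
    ///         because getAssetPrice reverts with a clear error before the division is reached.
    function rsETHToMint(address assetFeed, address rsETHFeed, uint256 amount) external view returns (uint256) {
        return (amount * getAssetPrice(assetFeed)) / getAssetPrice(rsETHFeed);
    }
}
```

The custom errors carry the feed address and the offending values, which is what "proper revert messages" buys an operator in practice: a failed deposit can be traced to a specific feed and to whether it was stale, incomplete or zero, instead of surfacing as an anonymous panic from the division.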
Assessed type
Invalid Validation