Closed c4-submissions closed 11 months ago
https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/LRTDepositPool.sol#L109
if the asset is with different decimals rather than 18 (RSETH decimals), it would lead to incorrect calculations, even to unable to mint tokens
e.g. Users want to give USDT asset, which is with 6 decimals, this would lead to the issue
I know that Eigenlayer supports only stETH, rETH and cbETH as of today, but they can change something. This is way I set this as a medium issue
manual
it should check the asset tokens and to multiplied them to reach 18
Decimal
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #122
fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/LRTDepositPool.sol#L109
Vulnerability details
Impact
if the asset is with different decimals rather than 18 (RSETH decimals), it would lead to incorrect calculations, even to unable to mint tokens
Proof of Concept
e.g. Users want to give USDT asset, which is with 6 decimals, this would lead to the issue
I know that Eigenlayer supports only stETH, rETH and cbETH as of today, but they can change something. This is way I set this as a medium issue
Tools Used
manual
Recommended Mitigation Steps
it should check the asset tokens and to multiplied them to reach 18
Assessed type
Decimal