Closed c4-submissions closed 11 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #168
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L119-L144
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L151-L157
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L95-L110
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L46
Vulnerability details
Impact
Users can lose all funds when calling depositAsset on the LRTDepositPool.
Proof of Concept
Alice wants to deposit 1 ETH into a strategy calling depositAsset
This will further call the _mintRsETH which calls getRsETHAmountToMint
rsethAmountToMint is calculated
If lrtOracle.getAssetPrice(asset) returns 0, the rsethAmountToMint will be 0 and zero rsETH will be minted to the depositor causing him to lose all funds.
Tools Used
VS Code
Recommended Mitigation Steps
Make sure that the amount of ETH to mint is not 0.
Assessed type
Oracle
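
One way to implement the zero-amount check from the recommended mitigation, as an added example that is not part of the original report or of Kelp's code base. The contract name, the interfaces, the error names, the `getRSETHPrice` getter and the mint formula (amount × asset price ÷ rsETH price) are assumptions made for illustration; only `depositAsset` and `getAssetPrice` are named in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interfaces for this example; not the project's own definitions.
interface IPriceOracle {
    function getAssetPrice(address asset) external view returns (uint256);
    function getRSETHPrice() external view returns (uint256); // assumed getter
}

interface IMintable {
    function mint(address to, uint256 amount) external;
}

interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract GuardedDepositPool {
    IPriceOracle public immutable oracle;
    IMintable public immutable rsETH;

    error ZeroPrice();
    error ZeroMintAmount();
    error TransferFailed();

    constructor(IPriceOracle _oracle, IMintable _rsETH) {
        oracle = _oracle;
        rsETH = _rsETH;
    }

    // Assumed formula: amount * assetPrice / rsETHPrice.
    function previewMint(address asset, uint256 amount) public view returns (uint256 toMint) {
        uint256 assetPrice = oracle.getAssetPrice(asset);
        uint256 rsPrice = oracle.getRSETHPrice();
        // Reject an unset or failed price feed instead of treating it as a valid price.
        if (assetPrice == 0 || rsPrice == 0) revert ZeroPrice();
        toMint = (amount * assetPrice) / rsPrice;
        // Also catches deposits so small that the division rounds down to zero.
        if (toMint == 0) revert ZeroMintAmount();
    }

    function depositAsset(address asset, uint256 amount) external {
        // Validate the mint amount before moving funds so a zero result reverts the whole call.
        uint256 toMint = previewMint(asset, amount);
        if (!IERC20Like(asset).transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        rsETH.mint(msg.sender, toMint);
    }
}
```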