search

code-423n4 / 2023-11-kelp-findings

13 stars 11 forks source link

Direct token transfer to the LRTDepositPool will cause less minting of rsETH for users. #293

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTOracle.sol#L78

Vulnerability details

Proof of Concept

This bug is different from the first depositor bug. So when an attacker/one transfers tokens(supported assets) directly to the LRTDepositPool, the function getRSETHPrice() will return an inflated value because totalETHInPool will increase . Now when a user calls the function depositAsset , they will get less minted rsETH because the function getRSETHPrice() is inflated which is unfair.

Tools Used

manual review

Recommended Mitigation Steps

Create a state variable for totalETHInPool for accounting in LRTDepositPool.

Assessed type

Math

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #168

c4-judge commented 10 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)