c4-pre-sort
commented
11 months ago raymondfam marked the issue as insufficient quality report
Closed c4-submissions closed 11 months ago
c4-pre-sort
commented
11 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
11 months ago raymondfam marked the issue as duplicate of #249
c4-judge
commented
10 months ago fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L78
Vulnerability details
Impact
Bots has reported the division issue, but if here was implemented check for minimum result value, or divisor, it would prevent vulnerable minting, but will DoS depositing logic, until assets are more expensive than corresponding amount of ETH.
Proof of Concept
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L70C52-L70C52
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L78
If deposited assets are for example rETH and ratio between rETH and ETH is 0.95, the division will be rounded to zero and if check is implemented, the transaction would be reverted.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement some kind of precision variable so it is possible to have ratio, where deposited assets are less than ETH
Assessed type
DoS