Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L95-L110
Vulnerability details
Impact
Lack of precision scaling in the getRsETHAmountToMint function for the deposited asset will cause a loss for the user.
When a user deposits an asset, you make an internal call to the getRsETHAmountToMint function to calculate the amount of RsETH that should be minted for the user. The problem is that not all assets have 18 decimals. The way you calculate the mint amount only works correctly for assets with 18 decimals: if the deposited asset has fewer than 18 decimals, the returned value will be too small, which causes a loss for the user; if it has more than 18 decimals, you will mint more tokens for the caller.
Proof of Concept
Imagine a user wants to deposit 1 WBTC, which has 8 decimals, into the LRTDepositPool contract by calling the depositAsset function. To calculate the RsETH amount, the getRsETHAmountToMint function will be called and this line of code will run:
The BTC/ETH price is currently 17849113669425485000, and let's consider the RsETH price to be 1 ETH, so the calculation will look like this:
As you see, the value that will be minted for the user is 0.0000000017 RsETH, while he should receive 17.84 RsETH for depositing 1 WBTC.
Tools Used
Manual Review
Recommended Mitigation Steps
In the getRsETHAmountToMint function, scale the precision of the deposited asset to 18 if its decimals are not 18.
Assessed type
Math
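The arithmetic behind the proof of concept and the recommended scaling, as an added Python model (not code from the report or from the Kelp contracts). The formula amount * assetPrice / rsETHPrice and all function names are assumptions inferred from the report's numbers; the 24-decimal token is constructed to show the over-mint side.

```python
# Added model of the mint arithmetic. The formula and the names are assumptions
# inferred from the figures in the report, not the contract's source.
WAD = 10**18  # 18-decimal fixed-point unit used for prices and RsETH amounts

# Values taken from the report
WBTC_DECIMALS = 8
BTC_ETH_PRICE = 17849113669425485000
RSETH_PRICE = WAD  # "RsETH price is 1 ETH"


def mint_unscaled(amount: int, asset_price: int, rseth_price: int) -> int:
    """Assumed current behaviour: raw token units treated as 18-decimal units."""
    return amount * asset_price // rseth_price


def to_18_decimals(amount: int, decimals: int) -> int:
    """Normalise a raw token amount to 18 decimals (truncates if decimals > 18)."""
    if amount < 0 or decimals < 0:
        raise ValueError("amount and decimals must be non-negative")
    if decimals < 18:
        return amount * 10 ** (18 - decimals)
    if decimals > 18:
        return amount // 10 ** (decimals - 18)
    return amount


def mint_scaled(amount: int, decimals: int, asset_price: int, rseth_price: int) -> int:
    """Recommended behaviour: scale the deposit to 18 decimals before pricing it."""
    return to_18_decimals(amount, decimals) * asset_price // rseth_price


def fmt(wei: int) -> str:
    """Render an 18-decimal integer as a decimal string without using floats."""
    return f"{wei // WAD}.{wei % WAD:018d}"


if __name__ == "__main__":
    one_wbtc = 10**WBTC_DECIMALS
    print("1 WBTC unscaled:", fmt(mint_unscaled(one_wbtc, BTC_ETH_PRICE, RSETH_PRICE)))
    print("1 WBTC scaled:  ", fmt(mint_scaled(one_wbtc, WBTC_DECIMALS, BTC_ETH_PRICE, RSETH_PRICE)))

    # Constructed case: a 24-decimal token priced at 1 ETH is over-minted 10**6 times.
    one_tok = 10**24
    print("24-dec unscaled:", fmt(mint_unscaled(one_tok, WAD, RSETH_PRICE)))
    print("24-dec scaled:  ", fmt(mint_scaled(one_tok, 24, WAD, RSETH_PRICE)))
```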