Closed c4-submissions closed 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #62
fatherGoose1 marked the issue as satisfactory
fatherGoose1 changed the severity to 2 (Med Risk)
fatherGoose1 changed the severity to 3 (High Risk)
Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L119-L144
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L151-L157
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L95-L110
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L52-L79
Vulnerability details
Impact
In the LRTDepositPool contract, users call the depositAsset() function to deposit their LST asset and receive minted rsETH in return. The bug in this function is that the asset is transferred to address(this) before the rsETH is minted to the user. The order matters because the asset balance of address(this) is an input to the calculation of how much rsETH to mint, so the depositor's own transfer can significantly change the result. A malicious user could front-run normal deposit transactions and deposit a small amount of asset in return for a large rsETH balance when compared with subsequent normal deposit transactions. This enables the malicious user to later withdraw a disproportionate amount of LST asset when they burn the rsETH.

Proof of Concept
In the PoC below, Alice deposits a very small amount (1e3) of asset and receives the same amount of rsETH in return.
Subsequently, Bob deposits 1e18 of asset but receives less rsETH than Alice did, despite a deposit size 1e15 times bigger than Alice's.
This shows that a malicious user such as Alice can front-run normal deposit transactions and receive a disproportionate amount of rsETH.
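The accounting behind the PoC scenario and the effect of the mitigation's reordering, as an added Python model that is not the project's code: it assumes a single LST priced 1:1 with ETH in 1e18 fixed point and an rsETH price equal to the pool's asset value divided by rsETH supply (1e18 when supply is zero), mirroring the oracle logic linked above; DepositPoolModel and run_scenario are names chosen here.

```python
# Simplified model of rsETH minting in the deposit pool (assumed, not the
# project's code). One LST at a 1:1 ETH price, all values in 1e18 fixed point.
WAD = 10**18


class DepositPoolModel:
    def __init__(self, transfer_before_mint: bool):
        # True reproduces the reported order: asset lands in address(this)
        # before the mint amount is computed. False is the recommended order.
        self.transfer_before_mint = transfer_before_mint
        self.pool_balance = 0      # asset balance of address(this)
        self.rseth_supply = 0      # total rsETH minted
        self.balances: dict[str, int] = {}

    def rseth_price(self) -> int:
        # rsETH price = total ETH value in pool / rsETH supply; 1e18 at genesis.
        if self.rseth_supply == 0:
            return WAD
        return self.pool_balance * WAD // self.rseth_supply

    def amount_to_mint(self, amount: int) -> int:
        # rsETH to mint = amount * lstPrice / rsETHPrice, with lstPrice == 1e18.
        return amount * WAD // self.rseth_price()

    def deposit(self, user: str, amount: int) -> int:
        if self.transfer_before_mint:
            # Vulnerable order: the depositor's own asset inflates the pool
            # balance, which raises the rsETH price used for their mint.
            self.pool_balance += amount
            minted = self.amount_to_mint(amount)
        else:
            # Fixed order: price the deposit against the pre-deposit balance.
            minted = self.amount_to_mint(amount)
            self.pool_balance += amount
        self.rseth_supply += minted
        self.balances[user] = self.balances.get(user, 0) + minted
        return minted

    def share_of_supply_bps(self, user: str) -> int:
        # User's share of rsETH supply in basis points.
        return self.balances.get(user, 0) * 10_000 // self.rseth_supply


def run_scenario(transfer_before_mint: bool) -> tuple[int, int, int]:
    # Alice deposits 1e3 first, then Bob deposits 1e18 (the PoC amounts).
    pool = DepositPoolModel(transfer_before_mint)
    alice = pool.deposit("alice", 10**3)
    bob = pool.deposit("bob", 10**18)
    return alice, bob, pool.share_of_supply_bps("bob")
```

With the reported order Bob's 1e18 deposit mints only 999 rsETH and leaves him with about half of the supply; with the transfer moved after the calculation he receives 1e18 rsETH and essentially all of it.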
Tools Used
Manual Review
Recommended Mitigation Steps
The above can be fixed by simply swapping L136-138 with L141 in the LRTDepositPool contract, so that the asset transfer occurs after the correct amount of rsETH to mint to the user has been calculated. With this change, the same test returns the following amounts, in which Bob's rsETH balance is now proportional to the amount of asset he contributes relative to Alice.

Assessed type
ERC4626