code-423n4 / 2023-11-kelp-findings


Dangerous Strict Equality in getRSETHPrice() #536

Closed c4-submissions closed 10 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L56

Vulnerability details

Handling Zero Supply Case: If the rsETH supply is zero, it returns a default value of 1 ether. Even if no RSETH tokens were minted, or the whole of RSETH were burnt in the future, you could still redeem ETH with RSETH 1 to 1.

Impact

RSETH can be forcefully pegged to the ETH price 1 to 1; hardcoding RSETH's actual value gains more ETH than the actual price when it is worth 0.

Proof of Concept

In LRTOracle::getRSETHPrice()

        if (rsEthSupply == 0) {
            return 1 ether;
        }

Tools Used

Manual Review

Recommended Mitigation Steps

Remove hardcoded value

Assessed type

Rug-Pull

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

raymondfam commented 11 months ago

Invalid assumptions. It's meant for the first depositor to avoid division by zero when minting shares.
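Added illustration of the two readings above (the submitter's zero-supply concern and the first-depositor explanation). This is a constructed Python model, not code from the Kelp repository or from anyone in this thread: it keeps the same `supply == 0 -> 1 ether` branch as the `LRTOracle` snippet but folds the oracle, minting and redemption into one hypothetical `Vault` class using Solidity-style integer arithmetic. The names `Vault`, `mint`, `redeem`, `get_rseth_price` and the sample amounts are assumptions made here; in the real protocol minting and withdrawals live in other contracts.

```python
"""Constructed model of a share price with a zero-supply fallback.

Not Kelp's code. Integer arithmetic mimics uint256 so rounding behaves as a
contract would. Names (Vault, mint, redeem, get_rseth_price) are assumed here.
"""

WAD = 10**18  # 1 ether, in wei


def price_without_fallback(total_assets: int, supply: int) -> int:
    """What the oracle would compute with no zero-supply branch.

    Solidity reverts on division by zero; Python raises ZeroDivisionError.
    """
    return total_assets * WAD // supply


class Vault:
    """Minimal vault: shares are priced by total_assets / supply."""

    def __init__(self) -> None:
        self.total_assets = 0   # wei of ETH backing the shares
        self.rseth_supply = 0   # outstanding shares
        self.balances: dict[str, int] = {}

    def get_rseth_price(self) -> int:
        """Price of one share in wei, same shape as the LRTOracle snippet:
        a zero supply yields 1 ether instead of dividing by zero."""
        if self.rseth_supply == 0:
            return WAD
        return self.total_assets * WAD // self.rseth_supply

    def mint(self, user: str, eth_in: int) -> int:
        """Deposit ETH, receive shares at the current price."""
        shares = eth_in * WAD // self.get_rseth_price()
        self.total_assets += eth_in
        self.rseth_supply += shares
        self.balances[user] = self.balances.get(user, 0) + shares
        return shares

    def redeem(self, user: str, shares: int) -> int:
        """Burn shares, receive ETH at the price before the burn."""
        if self.balances.get(user, 0) < shares:
            raise ValueError("insufficient rsETH")
        eth_out = shares * self.get_rseth_price() // WAD
        self.balances[user] -= shares
        self.rseth_supply -= shares
        self.total_assets -= eth_out
        return eth_out


def first_mint_reverts_without_fallback() -> bool:
    """With an empty vault, the plain formula is 0 / 0 and reverts."""
    try:
        price_without_fallback(0, 0)
    except ZeroDivisionError:
        return True
    return False


def first_depositor_is_priced_at_par() -> bool:
    """The fallback lets the first depositor mint 1:1."""
    v = Vault()
    return v.mint("alice", 5 * WAD) == 5 * WAD


def price_tracks_backing() -> bool:
    """After the first mint the price follows total_assets / supply."""
    v = Vault()
    v.mint("alice", 4 * WAD)
    v.total_assets += 2 * WAD  # constructed: rewards accrue to the vault
    return v.get_rseth_price() == 15 * 10**17  # 1.5 ETH per share


def zero_supply_leaves_nothing_to_redeem() -> bool:
    """Once every share is burnt the price reads 1 ether again, but there
    are no shares left to redeem it with."""
    v = Vault()
    v.mint("alice", 5 * WAD)
    v.redeem("alice", 5 * WAD)
    if v.rseth_supply != 0 or v.get_rseth_price() != WAD:
        return False
    try:
        v.redeem("alice", 1)
    except ValueError:
        return True
    return False
```

The model makes the distinction concrete: the `1 ether` branch is only ever observed when nothing is outstanding, so it fixes the first mint's price and cannot be used to redeem shares that do not exist.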

c4-pre-sort commented 11 months ago

raymondfam marked the issue as primary issue

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid