Closed c4-submissions closed 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #97
raymondfam marked the issue as duplicate of #479
fatherGoose1 marked the issue as satisfactory
fatherGoose1 changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/oracles/ChainlinkPriceOracle.sol#L37-L39
Vulnerability details
Impact
In ChainlinkPriceOracle.getAssetPrice, the function assumes that every price feed reports its answer with the same number of decimals. That may hold for stETH/rETH/cbETH, but LRTConfig.addNewSupportedAsset and ChainlinkPriceOracle.updatePriceFeedFor allow the protocol to add new assets (and their feeds) in the future, and for such a feed the assumption may no longer hold, so its price would be mis-scaled relative to the others.
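To make the decimals issue concrete, here is an added example (not code from the Kelp repository or from this report) of a hypothetical oracle that reads each feed's `decimals()` and scales the answer to a fixed 18-decimal precision, instead of returning the raw answer and assuming all feeds agree. The `AggregatorV3Interface` functions are Chainlink's real interface; the contract, its storage layout and `TARGET_DECIMALS` are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Minimal subset of Chainlink's AggregatorV3Interface (real function signatures).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical oracle for illustration only. Every asset price is normalised to
/// TARGET_DECIMALS so that feeds with different precisions can be compared safely.
contract DecimalsAwarePriceOracle {
    uint8 public constant TARGET_DECIMALS = 18;

    // asset token address => Chainlink aggregator address (assumed layout)
    mapping(address => address) public assetPriceFeed;

    error FeedNotSet();
    error InvalidPrice();

    /// Access control omitted for brevity; a real deployment must restrict this.
    function updatePriceFeedFor(address asset, address feed) external {
        assetPriceFeed[asset] = feed;
    }

    /// Returns the asset price scaled to 18 decimals regardless of the feed's own precision.
    /// A version that returned uint256(answer) directly would report an 8-decimal feed
    /// 1e10 times smaller than an 18-decimal feed for the same underlying price.
    function getAssetPrice(address asset) external view returns (uint256) {
        address feed = assetPriceFeed[asset];
        if (feed == address(0)) revert FeedNotSet();

        (, int256 answer,,,) = AggregatorV3Interface(feed).latestRoundData();
        if (answer <= 0) revert InvalidPrice();

        uint8 feedDecimals = AggregatorV3Interface(feed).decimals();
        return _scale(uint256(answer), feedDecimals);
    }

    /// Rescales `price` from `fromDecimals` to TARGET_DECIMALS (rounding down when shrinking).
    function _scale(uint256 price, uint8 fromDecimals) internal pure returns (uint256) {
        if (fromDecimals == TARGET_DECIMALS) return price;
        if (fromDecimals < TARGET_DECIMALS) return price * 10 ** (TARGET_DECIMALS - fromDecimals);
        return price / 10 ** (fromDecimals - TARGET_DECIMALS);
    }
}
```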
Proof of Concept
ChainlinkPriceOracle.getAssetPrice is defined as:
Tools Used
VIM
Recommended Mitigation Steps
Assessed type
Decimal