Closed c4-submissions closed 11 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #126
fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTConfig.sol#L73
Vulnerability details
Impact
The Manager role can manipulate the price of rsETH.
Proof of Concept
As the Manager role can add a new asset, he can add any scam asset with low liquidity which has a high price, and he will also deposit a few tokens of it: https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTConfig.sol#L73

The rsETH price is calculated on the basis of the value of the other assets supported here, so a scam asset with low liquidity which has a high price will surely manipulate the price of rsETH: https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L71

So the Manager can add a scam asset with low liquidity which has a high price, which will influence the price of rsETH.
Recommended Mitigation Steps
Give power to admin to approve new asset added by manager.
Assessed type
Other
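The recommended mitigation above, as an added illustration that is not part of the report and not Kelp's code: a hypothetical two-step asset registry in Solidity where the MANAGER role can only propose an asset and the ADMIN role must approve it before it enters the supported list that a price oracle would iterate. The role names, the `proposeAsset`/`approveAsset`/`rejectAsset` functions and the minimal in-contract role check are assumptions; the real `LRTConfig` signature at the linked line is not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical example: two-step onboarding of a supported asset.
// MANAGER proposes, ADMIN approves or rejects. Only approved assets
// land in supportedAssetList, which is the only list an oracle should read.
contract AssetRegistryTwoStep {
    bytes32 public constant MANAGER = keccak256("MANAGER");
    bytes32 public constant ADMIN = keccak256("ADMIN");

    // Minimal role store (assumed; a real deployment would use AccessControl).
    mapping(bytes32 => mapping(address => bool)) private roles;

    // Proposed but not yet approved assets.
    mapping(address => bool) public pendingAsset;
    mapping(address => uint256) public pendingDepositLimit;

    // Approved assets only.
    mapping(address => bool) public isSupportedAsset;
    mapping(address => uint256) public depositLimitByAsset;
    address[] private supportedAssetList;

    event AssetProposed(address indexed asset, uint256 depositLimit, address indexed proposer);
    event AssetApproved(address indexed asset, uint256 depositLimit, address indexed approver);
    event AssetRejected(address indexed asset, address indexed rejector);

    modifier onlyRole(bytes32 role) {
        require(roles[role][msg.sender], "missing role");
        _;
    }

    constructor(address admin, address manager) {
        roles[ADMIN][admin] = true;
        roles[MANAGER][manager] = true;
    }

    // Manager can stage a new asset but cannot make it count for pricing.
    function proposeAsset(address asset, uint256 depositLimit) external onlyRole(MANAGER) {
        require(asset != address(0), "zero asset");
        require(!isSupportedAsset[asset], "already supported");
        require(!pendingAsset[asset], "already pending");
        pendingAsset[asset] = true;
        pendingDepositLimit[asset] = depositLimit;
        emit AssetProposed(asset, depositLimit, msg.sender);
    }

    // Admin is the second key: only here does the asset join the supported list.
    function approveAsset(address asset) external onlyRole(ADMIN) {
        require(pendingAsset[asset], "not pending");
        uint256 limit = pendingDepositLimit[asset];
        delete pendingAsset[asset];
        delete pendingDepositLimit[asset];
        isSupportedAsset[asset] = true;
        depositLimitByAsset[asset] = limit;
        supportedAssetList.push(asset);
        emit AssetApproved(asset, limit, msg.sender);
    }

    // Admin can discard a proposal without it ever affecting pricing.
    function rejectAsset(address asset) external onlyRole(ADMIN) {
        require(pendingAsset[asset], "not pending");
        delete pendingAsset[asset];
        delete pendingDepositLimit[asset];
        emit AssetRejected(asset, msg.sender);
    }

    // The oracle should derive the rsETH price from this list and nothing else,
    // so a pending asset contributes nothing to the price until approved.
    function getSupportedAssetList() external view returns (address[] memory) {
        return supportedAssetList;
    }
}
```

Design note: the check that matters for the report's scenario is that the oracle's loop is driven by `getSupportedAssetList()`, which only ever contains admin-approved assets; an event pair (`AssetProposed` then `AssetApproved`) also gives monitoring a clear signal when a single role attempts to onboard an asset without the second approval.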