code-423n4 / 2023-11-kelp-findings


Users cannot redeem rsETH tokens for LST assets #713

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/RSETH.sol#L54

Vulnerability details

The Kelp DAO protocol does not implement a function/feature for redeeming the rsETH tokens for underlying LST assets. Subsequently, users can stake their LST assets to the protocol but cannot retrieve their LST assets.

Proof of Concept

Users can stake LST assets (i.e., stETH, cbETH, and rETH tokens) to the Kelp DAO protocol via the LRTDepositPool::depositAsset() and receive minted rsETH tokens in exchange. The LRT Manager will then deposit the LST assets into EigenLayer's Strategy contracts through the NodeDelegator::depositAssetIntoStrategy().

The RSETH contract provides the burnFrom() function, callable by the protocol's authorized burner. However, the protocol does not implement a function/feature for redeeming the rsETH tokens for underlying LST assets for users.

Impact

Users cannot retrieve the underlying LST assets. Moreover, the minted rsETH tokens may not be accepted by the DeFi community because they cannot be redeemed for their backing LST assets.

These harmful consequences can impact both the Kelp DAO protocol and its users.

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a function/feature for redeeming the rsETH tokens for underlying LST assets.

Assessed type

Other

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #43

c4-judge commented 11 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid