Closed c4-submissions closed 10 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #32
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as primary issue
Inadequate proof alleging the price reported in latestAnswer is going to be multiplied by 1e18. No supporting links provided.
fatherGoose1 marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L52-L79
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L45-L47
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/oracles/ChainlinkPriceOracle.sol#L37-L39
Vulnerability details
Details:
The Chainlink oracle provides the price of an asset through functions like `latestAnswer` (which is deprecated) and `latestRoundData`. These prices are multiplied by a decimal factor to preserve precision. The `decimals` function in the price feed tells you the decimals, and you should divide by the decimals before you use the price. The `decimals` for stETH, cbETH and rETH are 18, so the price reported in `latestAnswer` is going to be multiplied by 1e18. The price given by Chainlink is used without dividing by 1e18 in `LRTOracle`, in the function `getAssetPrice`, and also in `getRSETHPrice`. So the price reported by these functions will be inflated by 1e18, which is a problem: if somebody wants to get the price of RSETH from the protocol that mints RSETH, he will get a price inflated by 1e18. This may also impact its ability to trade on secondary markets, especially since it currently has no redeem functionality.

Impact:
Because this vulnerability impacts external protocols integrating with the Kelp protocol, due to the inflated price reported, and also impacts users, it should be medium severity.
see POC
Proof of Concept:
getRSETHPrice
Tools Used:
vscode
Recommended Mitigation Steps:
Divide by the decimals of the price feed.
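As an added illustration of that mitigation (not Kelp's code and not part of this report), a hypothetical reader contract that queries `latestRoundData` and `decimals` on a Chainlink feed and normalises the answer to 18 decimals, so a consumer gets the same scale whatever the feed's native precision; the `maxStaleness` parameter and the `NormalisedChainlinkPrice` name are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of Chainlink's AggregatorV3Interface used by this example.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical example contract: returns any Chainlink feed's price scaled to 1e18.
contract NormalisedChainlinkPrice {
    uint256 public constant TARGET_DECIMALS = 18;
    // Assumption: the deployer sets this to the feed's heartbeat plus a margin.
    uint256 public immutable maxStaleness;

    constructor(uint256 _maxStaleness) {
        maxStaleness = _maxStaleness;
    }

    /// @dev Reads the feed, rejects unusable rounds, then rescales by feed.decimals().
    function getPrice18(AggregatorV3Interface feed) external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "invalid answer");
        require(block.timestamp - updatedAt <= maxStaleness, "stale price");

        uint8 feedDecimals = feed.decimals();
        uint256 price = uint256(answer);
        if (feedDecimals < TARGET_DECIMALS) {
            // e.g. an 8-decimal USD feed: scale up to 18 decimals
            return price * 10 ** (TARGET_DECIMALS - feedDecimals);
        }
        if (feedDecimals > TARGET_DECIMALS) {
            return price / 10 ** (feedDecimals - TARGET_DECIMALS);
        }
        // Feed already reports 18 decimals (as the report states for stETH, cbETH and rETH):
        // the value passes through unchanged.
        return price;
    }
}
```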
Assessed type
Oracle