Open c4-submissions opened 12 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #97
raymondfam marked the issue as duplicate of #479
fatherGoose1 changed the severity to 2 (Med Risk)
fatherGoose1 marked the issue as satisfactory
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L109
Vulnerability details
Impact
In LRTDepositPool.sol, the function getRsETHAmountToMint() gets the price of an asset from Chainlink via the aggregator and uses it to calculate the rsETH amount to mint for a certain amount of LST. The issue is that different Chainlink aggregator feeds have different decimals for different tokens. Whenever it returns the price, the price should be scaled in order to prevent rounding issues whenever it is divided by a value in 1e18. This can be seen when rsETH in the pool is 0: it returns 1 ether, which is wei in 18 decimal places. Consider an amount of LST = 3 and a price from the feed of 1e8: dividing by 1 ether, which is 1e18, will lead to a rounding error where
3 * 1e8 / 1e18
The value gotten will be rounded down to zero.
Tools Used
Manual review
Recommended Mitigation Steps
Consider the token's decimals whenever getting the rsETH amount to mint for a particular token.
Assessed type
Decimal
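
The recommended mitigation, as an added example (not code from the report or from the Kelp repository): rescale the feed answer to 18 decimals using the feed's own decimals() before it enters the mint calculation. The library name FeedScaling and both of its function names are hypothetical; AggregatorV3Interface is Chainlink's standard feed interface, reduced here to the two calls used.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface: only the calls used below.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper for illustration; not part of the audited code base.
library FeedScaling {
    uint8 internal constant TARGET_DECIMALS = 18;

    error NonPositivePrice();

    // Reads the feed and rescales its answer to 18 decimals, whatever
    // precision the feed itself reports through decimals().
    function priceScaledTo1e18(AggregatorV3Interface feed) internal view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        if (answer <= 0) revert NonPositivePrice();

        uint256 price = uint256(answer);
        uint8 feedDecimals = feed.decimals();

        if (feedDecimals < TARGET_DECIMALS) {
            // e.g. an 8-decimal answer of 1e8 becomes 1e18
            return price * 10 ** (TARGET_DECIMALS - feedDecimals);
        }
        // Feeds with 18 or more decimals are scaled down (no-op at 18).
        return price / 10 ** (feedDecimals - TARGET_DECIMALS);
    }

    // Mint amount with both prices expressed in 18 decimals.
    // With the report's numbers (amount = 3, rsETH price = 1e18):
    //   unscaled 8-decimal price: 3 * 1e8  / 1e18 = 0
    //   scaled price:             3 * 1e18 / 1e18 = 3
    function rsETHToMint(uint256 amount, uint256 assetPrice1e18, uint256 rsETHPrice1e18)
        internal
        pure
        returns (uint256)
    {
        return (amount * assetPrice1e18) / rsETHPrice1e18;
    }
}
```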