Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L78
Vulnerability details
Impact
Precision loss: the oracle returns a zero price.
Proof of Concept
Since the value of staked ether increases, the price of RSETH goes above the ETH price, which leads to a precision loss in the getRSETHPrice function of the oracle, and the RSETH price becomes zero. Consider a scenario in which both rsEthSupply and totalETHInPool are 10; after some time totalETHInPool increases and goes above rsEthSupply, which leads to precision loss in the following line:
return totalETHInPool / rsEthSupply;
Tools Used
Manual Review
Recommended Mitigation Steps
Use a scale factor to prevent precision loss
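A sketch of the scale-factor mitigation, as an added example that is not code from the audited repository: it puts the unscaled quotient from the quoted line next to a fixed-point version and checks both on small constructed inputs. The contract name, function names, the ZeroSupply error and the 1e18 SCALE constant are assumptions made for illustration, and the inputs are treated as raw integer units as in the scenario above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of integer-division truncation and a scale factor.
/// All names here are hypothetical; this is not the project's LRTOracle.
contract PriceMathExample {
    // Assumed fixed-point scale: prices carry 18 decimals.
    uint256 internal constant SCALE = 1e18;

    error ZeroSupply();

    /// Unscaled quotient, same expression as the line quoted in the report.
    /// Solidity integer division truncates toward zero, so the fractional
    /// part of the price is dropped.
    function unscaledPrice(uint256 totalETHInPool, uint256 rsEthSupply)
        public
        pure
        returns (uint256)
    {
        if (rsEthSupply == 0) revert ZeroSupply();
        return totalETHInPool / rsEthSupply;
    }

    /// Scaled quotient: multiply before dividing so the fraction survives
    /// as the low 18 decimal digits. In 0.8.x the multiplication reverts on
    /// overflow instead of wrapping.
    function scaledPrice(uint256 totalETHInPool, uint256 rsEthSupply)
        public
        pure
        returns (uint256)
    {
        if (rsEthSupply == 0) revert ZeroSupply();
        return (totalETHInPool * SCALE) / rsEthSupply;
    }

    /// Constructed sample values; reverts if any expectation is wrong.
    function check() external pure {
        assert(unscaledPrice(10, 10) == 1);      // 1.0 -> 1
        assert(unscaledPrice(15, 10) == 1);      // 1.5 -> 1, fraction lost
        assert(unscaledPrice(9, 10) == 0);       // 0.9 -> 0
        assert(scaledPrice(10, 10) == 1e18);     // 1.0
        assert(scaledPrice(15, 10) == 1.5e18);   // 1.5 preserved
        assert(scaledPrice(9, 10) == 0.9e18);    // 0.9 preserved
    }
}
```

Callers of a scaled price must divide by the same scale when converting amounts, otherwise results are off by a factor of 1e18.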
Assessed type
Other