Open c4-submissions opened 10 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #38
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTOracle.sol#L70
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTConfig.sol#L85
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTConfig.sol#L86
Vulnerability details
Impact
LRTOracle:getRSETHPrice(), which is executed in all protocol pricing operations, includes every supported asset in its calculation. An asset is added with the addNewSupportedAsset() function; however, this marks the asset as supported permanently and cannot be undone, even if the asset keeps returning the same values after its strategy is no longer handled and the asset is no longer supported on EigenLayer.
Proof of Concept
The _addNewSupportedAsset() function sets assets as supported forever:
There is no function that can undo this.
LRTOracle:getRSETHPrice()
Tools Used
Manual Review
Recommended Mitigation Steps
The contract should have a removeAsset function.
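As an added illustration of the recommended mitigation (this is example code written for this note, not LRTConfig's or the Kelp project's code), the registry below keeps the supported-asset list removable. The contract, function and variable names (AssetRegistryExample, removeSupportedAsset, supportedAssetList, isSupportedAsset, assetIndex) are assumptions chosen for the example; the point it shows is that a swap-and-pop removal keeps the array an oracle iterates over dense, so a de-supported asset stops contributing to pricing the moment it is removed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical asset registry with add AND remove. Names are assumptions
/// for this example and are not the project's own API.
contract AssetRegistryExample {
    address public admin;
    address[] public supportedAssetList;
    mapping(address => bool) public isSupportedAsset;
    // Stores (index + 1) of the asset in supportedAssetList; 0 means absent.
    mapping(address => uint256) private assetIndex;

    event AssetAdded(address indexed asset);
    event AssetRemoved(address indexed asset);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    function addNewSupportedAsset(address asset) external onlyAdmin {
        require(asset != address(0), "zero asset");
        require(!isSupportedAsset[asset], "already supported");
        isSupportedAsset[asset] = true;
        supportedAssetList.push(asset);
        assetIndex[asset] = supportedAssetList.length; // index + 1
        emit AssetAdded(asset);
    }

    /// Removes an asset with swap-and-pop so the list stays dense and any
    /// loop over supportedAssetList (e.g. an oracle pricing loop) no longer
    /// sees it. Callers should only remove an asset once no deposits remain
    /// in it, otherwise that value silently disappears from pricing.
    function removeSupportedAsset(address asset) external onlyAdmin {
        require(isSupportedAsset[asset], "not supported");
        uint256 idx = assetIndex[asset] - 1;
        uint256 last = supportedAssetList.length - 1;
        if (idx != last) {
            address moved = supportedAssetList[last];
            supportedAssetList[idx] = moved;
            assetIndex[moved] = idx + 1;
        }
        supportedAssetList.pop();
        delete assetIndex[asset];
        delete isSupportedAsset[asset];
        emit AssetRemoved(asset);
    }

    function getSupportedAssetList() external view returns (address[] memory) {
        return supportedAssetList;
    }
}
```

A pricing function that iterates getSupportedAssetList() then automatically excludes removed assets; pairing removal with a check that the asset's strategy balance is zero is the usual safeguard against dropping real value from the price.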
Assessed type
Other