c4-pre-sort
commented
11 months ago raymondfam marked the issue as insufficient quality report
Closed c4-submissions closed 11 months ago
c4-pre-sort
commented
11 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
11 months ago raymondfam marked the issue as duplicate of #249
c4-judge
commented
10 months ago fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L109
Vulnerability details
Impact
users may lose their assets
Proof of Concept
The price of rsETH increases against ETH price, this leads to precision loss in getRsETHAmountToMint. Consider a scenario that one rsETH worth 10 ETH; now if a user tries to deposit 9 ETH he losses assets due to precision loss , precision loss happens in the following line.
rsethAmountToMint = (amount * lrtOracle.getAssetPrice(asset)) / lrtOracle.getRSETHPrice();Tools Used
Manual Review
Recommended Mitigation Steps
use a scale factor to prevent precision loss
Assessed type
Other