code-423n4 / 2023-11-kelp-findings


Changing rsETH address breaks contract #882

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTConfig.sol#L144-L147

Vulnerability details

Impact

Manipulating the rsETH price.

Proof of Concept

The admin can change the rsETH token address, while the total supply of rsETH is used to calculate its price. Changing the rsETH address changes its price.

Tools Used

Manual Review

Recommended Mitigation Steps

Prevent changing the rsETH address after it's been configured.

Assessed type

Other
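A sketch of the recommended mitigation, added here as an example and not taken from the Kelp code base or from the report: a set-once setter next to a price view that reads `totalSupply()` from the configured token. The contract name, the price formula, the 1e18 scaling and the single-admin check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Minimal view of the token: only the call the price depends on.
interface ISupplyToken {
    function totalSupply() external view returns (uint256);
}

/// Hypothetical contract for illustration; not Kelp's LRTConfig or oracle.
contract SetOnceConfigSketch {
    address public immutable admin;
    address public rsETH; // zero until configured

    error NotAdmin();
    error ZeroAddress();
    error AlreadyConfigured(address current);

    event RsETHConfigured(address indexed token);

    constructor() {
        admin = msg.sender;
    }

    /// Set-once setter: the first call succeeds, every later call reverts,
    /// so the supply figure behind the price cannot be swapped afterwards.
    function setRSETH(address rsETH_) external {
        if (msg.sender != admin) revert NotAdmin();
        if (rsETH_ == address(0)) revert ZeroAddress();
        if (rsETH != address(0)) revert AlreadyConfigured(rsETH);
        rsETH = rsETH_;
        emit RsETHConfigured(rsETH_);
    }

    /// Assumed price formula: ETH value of pooled assets per rsETH, 1e18-scaled.
    /// The divisor comes from whichever token address is configured, which is
    /// why replacing that address would change the result for the same assets.
    function rsETHPrice(uint256 totalAssetsInEth) external view returns (uint256) {
        uint256 supply = ISupplyToken(rsETH).totalSupply();
        if (supply == 0) return 1e18; // assumed 1:1 starting price
        return (totalAssetsInEth * 1e18) / supply;
    }
}
```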

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #184

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid