Open c4-bot-9 opened 4 months ago
GalloDaSballo marked the issue as sufficient quality report
Worth reviewing
GalloDaSballo marked the issue as primary issue
Since we have ethValueBefore and after we could also set it to 0 and no harm done thus invalid
trust1995 marked the issue as satisfactory
@vonMangoldt Would need additional description for the issue described is not actually effective, as from my analysis I can't find a counterexample.
trust1995 marked the issue as selected for report
For transparency and per conversation with the sponsors, see here for the Wise Lending team's mitigation.
additionally: Team decided to use PendleRouter
(https://github.com/pendle-finance/pendle-core/blob/master/contracts/core/PendleRouter.sol) instead of Curve
moving forward during farm exit.
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/PowerFarms/PendlePowerFarm/PendlePowerFarmLeverageLogic.sol#L194-L199 https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/PowerFarms/PendlePowerFarm/PendlePowerFarmLeverageLogic.sol#L293-L308
Vulnerability details
Impact
When stETH depegs from ETH, the swaps on Curve will revert due to requesting a higher amountOut than what the curves pool will give.
Proof of Concept
When exiting a farm on mainnet, the requested tokensOut is set as
stETH
for redeeming the SY tokens on the PENDLE_SY contract. Once the PowerFarm has on its balance thestETH
tokens, it does a swap from stETH to ETH using the Curves protocol.The problem is that the implementation is assuming a peg of 1 ETH ~= 1 stETH. Even though both tokens have a tendency to keep the peg, this hasn't been always the case as it can be seen in this dashboard. There have been many episodes of market volatility that affected the price of stETH, notably the one in last June when stETH traded at ~0.93 ETH.
When computing the
_minOutAmount
, the PowerFarm calculates the ethValue of the received stETH tokens by requesting the price of theWETH
asset, and then it applies the reverAllowedSpread to finally determine the_minOutAmount
of ETH tokens that will be accepted from the swap on CurvesminOutAmount
is problematic, because, as seen in the dashboard, historically,1 stETH has deppeged from 1:1 from ETH
minOutAmount
of ETH tokens, it could give at most 0.95 ETH per stETH.Tools Used
Manual Audit & H-06 finding on Asymmetry Finance contest & Asymmetry's mitigation review & Asymmetry's mitigation review
Recommended Mitigation Steps
The recommendation would be to implement a mitigation similar to the one implemented on the referenced issues. Basically, fetch the current price of
stETH
from a Chainlink Oracle and multiply theminOutAmount
by the current price ofstETH
. In this way, theminOutAmount
that is sent to the Curves exchange will now be within the correct limits based on the current price of stETH.ethValueBefore
by the current price of stETH (Only when exiting farms on mainnet). In this way, both amounts,ethValueAfter
andethValueBefore
will be computed based on the current price of stETH, allowing the slippage to validate that no ethValue was lost during the process of removing liquidity from pendle, redeeming the sy tokens and swapping on curves. In the end, both,ethValueAfter
andethValueBefore
will represent the ethValue based on the stETH price.Assessed type
Context