Closed c4-bot-7 closed 4 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as primary issue
Could have been more elaborate and informational.
ditto-eth (sponsor) disputed
https://dittoeth.com/technical/blackswan#global-black-swan
This is mentioned in the docs but this is just how the system is designed. It's true that someone coming in after an rETH/stETH slashing event would be affected upon withdrawal, but presumably the user would have full knowledge of any slashing event that affects a substantial portion of all staked ETH. Another case of overly conservative behavior to protect the peg.
hansfriese marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/BridgeRouterFacet.sol#L169
Vulnerability details
Impact
Loss of funds for new depositors in case slashing already happened before their deposits, which is unfair.
Proof of Concept
Looking at the code below in function _ethConversion, the protocol is covering the loss proportionally on withdrawing, according to the comment:
The issue here is that if the bridges' balances get slashed (a penalty is applied to the bridges' stETH, rETH in some situations), then `dethTotalNew` will be less than `dethTotal`. However, new depositors will incur the loss (proportionally). In other words, if a new user deposited an amount after a slashing had already occurred in the bridges, he will lose part of his deposit when he tries to withdraw it, which is unfair to the user since he made the deposit after, not before.
What is a pool getting slashed? A reference from Rocket Pool: https://docs.rocketpool.net/guides/node/responsibilities#:~:text=Penalties ,network%2C it may get slashed.
Tools Used
Manual Review
Recommended Mitigation Steps
Assessed type
Other
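The dilution effect described in the Proof of Concept above, as an added example that is not part of the original report or the DittoETH code base: a simplified Python model of the accounting. It assumes deposits are credited 1:1 and withdrawals are scaled by `dethTotalNew / dethTotal` only when that ratio is below 1; `VaultModel`, `slash`, the user names and all amounts are constructed for illustration.

```python
ETH = 10**18  # wei per ether


class VaultModel:
    """Hypothetical model: 1:1 dETH credit, proportional haircut on withdrawal."""

    def __init__(self):
        self.deth_total = 0   # dETH credited to users (stored dethTotal)
        self.bridge_eth = 0   # ETH value the bridges really hold (dethTotalNew)
        self.credit = {}      # per-user dETH credit

    def deposit(self, user, amount):
        # Assumption: credited 1:1, regardless of any earlier slash.
        self.bridge_eth += amount
        self.deth_total += amount
        self.credit[user] = self.credit.get(user, 0) + amount

    def slash(self, bps):
        # Constructed event: bridge holdings lose bps/10000 of their value.
        self.bridge_eth -= self.bridge_eth * bps // 10_000

    def eth_conversion(self, amount):
        # The haircut applies only while bridge value < credited total.
        if self.bridge_eth >= self.deth_total:
            return amount
        return amount * self.bridge_eth // self.deth_total

    def withdraw(self, user, amount):
        if self.credit.get(user, 0) < amount:
            raise ValueError("insufficient credit")
        eth_out = self.eth_conversion(amount)
        self.credit[user] -= amount
        self.deth_total -= amount
        self.bridge_eth -= eth_out
        return eth_out


def scenario():
    v = VaultModel()
    v.deposit("alice", 100 * ETH)   # deposit before the slash
    v.slash(1_000)                  # 10% slash: bridges now hold 90 ETH
    v.deposit("bob", 100 * ETH)     # deposit after the slash
    bob_out = v.withdraw("bob", 100 * ETH)
    alice_out = v.withdraw("alice", 100 * ETH)
    return alice_out, bob_out, v.deth_total, v.bridge_eth


if __name__ == "__main__":
    alice_out, bob_out, *_ = scenario()
    print(f"alice: {alice_out // ETH} ETH, bob: {bob_out // ETH} ETH")
```

In this model the 10 ETH shortfall that existed before the second deposit is split evenly between both users, which is the behaviour the report objects to and the sponsor describes as by design.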