code-423n4 / 2024-04-renzo-findings

5 stars 4 forks source link

stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage #13

Open c4-bot-1 opened 2 months ago

c4-bot-1 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Oracle/RenzoOracle.sol#L70-L81

Vulnerability details

Impact

The stETH/ETH oracle is not a exchange rate feed, it's a Market Rate Feed

While other feeds are exchange rate feeds

This opens up ezETH to be vulnerable to:

Market Rate Manipulations
Sentiment based Price Action
Duration based discounts

POC

This opens up to arbitrage anytime stETH trades at a discount (see Liquidations on the 13th of April)

Had withdrawals been open, the following could have been possible:

Deposit stETH before the Depeg (front-run oracle update)
Get ezETH
Withdraw stETH after the depeg (1% a day, around 365% APR)

As well as:

stETH market depegs
Deposit ETH for ezETH
Withdraw stETH at premium (about 1% arbitrage, around 365% APR)

Mitigation

I believe the withdrawal logic needs to be rethought to be denominated in ETH

The suggested architecture would look like the following:

Deposit of ETH or LSTs, estimated via a pessimistic exchange rate
Withdraw exclusively ETH, while pricing in slashing, discounts and operative costs

Assessed type

Oracle

jatinj615 commented 1 month ago

Expected Behaviour.

C4-Staff commented 1 month ago

CloudEllie marked the issue as primary issue

c4-judge commented 1 month ago

alcueca marked issue #8 as primary and marked this issue as a duplicate of 8

c4-judge commented 1 month ago

alcueca marked the issue as not a duplicate

alcueca commented 1 month ago

It is debatable whether the market or exchange rate is the real price. The market price is the price for an instant trade, while the exchange rate is the price for a trade in the terms of the stETH contract. Renzo is not even using a real market price, which would be retrieved from a DEX. Whatever the choice of oracle, there will be some arbitrage opportunities.

c4-judge commented 1 month ago

alcueca marked the issue as unsatisfactory: Invalid

alcueca commented 1 month ago

From the PJQA:

I'd like to point that for https://github.com/code-423n4/2024-04-renzo-findings/issues/13 the arbitrage can be avoided, by underpricing stETH on deposit (market value), and over pricing it (redemption value) on withdrawal.

Pricing in any other way, due to lack of fees will create arbitrage, while pricing in the way above will protect against it

There is a factually better way to price stETH which is to use it's redemption value, and to be on the safer side, use it's market value on deposit and the redemption value on withdrawal

The in scope configuration is objectively leaking value to arbitrage when compare to the suggest mitigation

I do actually know of other protocols working on similar topics that have recognized this as a problem and taken significant steps to avoid it.

c4-judge commented 1 month ago

alcueca marked the issue as satisfactory

c4-judge commented 1 month ago

alcueca marked the issue as primary issue

c4-judge commented 1 month ago

alcueca marked the issue as selected for report

alcueca commented 1 month ago

Mitigation from sponsor on #424, along with explanation on why both groups should be merged. Namely, that using the market rate for stETH/ETH is what enables arbitraging between different collaterals, and that the fix from this finding will also fix the duplicates.