code-423n4 / 2024-05-bakerfi-findings


StrategyAAVEv3WstETH makes users pay a fee for unwrapping #24

Closed c4-bot-8 closed 5 months ago

c4-bot-8 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/strategies/StrategyAAVEv3WSTETH.sol#L90-L99

Vulnerability details

Proof of Concept

StrategyAAVEv3WSTETH is UseWstETH, but it doesn't use its function to wrap and unwrap eth. Instead it implements them by itself inside _convertFromWETH and _convertToWETH functions.

The problem is that the _convertToWETH function uses Uniswap for conversion from wstEth to weth, which will make users pay a fee for a swap. It could be done without a swap, directly with the wstEth contract, to avoid fee loss.

Impact

Users pay an extra fee to swap wstEth to weth.

Tools Used

VsCode

Recommended Mitigation Steps

You can use the _unwrapWstETH function from the UseWstETH contract and then wrap eth to weth.

Assessed type

Error

c4-judge commented 5 months ago

0xleastwood marked the issue as primary issue

0xleastwood commented 5 months ago

Uniswap does not charge fees on swaps between WETH <> ETH; this is done by natively wrapping and unwrapping. There is also no way to swap WSTETH -> WETH without paying some fee or waiting some time to natively unstake from Lido.

Ultimately, the best option is to unwrap directly in the contract WSTETH -> STETH and then perform the necessary swap because the token paid (STETH, WETH/ETH) ultimately has deeper liquidity.

c4-judge commented 5 months ago

0xleastwood marked the issue as unsatisfactory: Insufficient quality