code-423n4 / 2024-05-loop-findings


Proper handling of ETH in Convert all function to maintain 1:1 ratio between total supply of ETH and lpETH #50

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-05-loop/blob/0dc8467ccff27230e7c0530b619524cc8401e22a/src/PrelaunchPoints.sol#L315-L329

Vulnerability details

Impact

The current implementation of converting all excess ETH to lpETH in the contract may inaccurately reflect the total supply of lpETH tokens, which should match the total supply of ETH.

Proof of Concept

The flawed implementation can be observed in the following code snippet:

```solidity
uint256 totalBalance = address(this).balance;
lpETH.deposit{value: totalBalance}(address(this));
```

This code converts all excess ETH in the contract to lpETH without accurately tracking the total supply of lpETH tokens. As a result, the total supply of deposited ETH may not be synchronized with the total supply of lpETH tokens, leading to potential discrepancies.

Tools Used

Manual code analysis

Recommended Mitigation Steps

To address the issue and ensure accurate tracking of funds within the contract, the following mitigation step is recommended:

Update the code in function convertAllETH():

```solidity
        // deposits all the ETH to lpETH contract. Receives lpETH back
        uint256 totalBalance = address(this).balance;
        lpETH.deposit{value: totalBalance}(address(this));

        totalLpETH = lpETH.balanceOf(address(this));
        // If more lpETH was received than ETH was credited to depositors,
        // fold the excess into totalSupply so the two stay 1:1.
        // (Comparing first avoids a checked-subtraction revert in ^0.8.)
        if (totalLpETH > totalSupply) {
            uint256 excessEth = totalLpETH - totalSupply;
            totalSupply += excessEth; // maintaining the 1:1 ratio
        }

        // Claims of lpETH can start immediately after conversion.
        startClaimDate = uint32(block.timestamp);

        emit Converted(totalBalance, totalLpETH);
    }
```

Assessed type

Other
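The following is an added accounting model of the convertAllETH() step, written for this page; it is not code from the finding above or from the LoopFi repository. It assumes (labelled in the comments) that lpETH.deposit mints 1:1 for the ETH sent, uses `balance` to stand in for address(this).balance, and constructs a `receive_untracked` path for ETH that reaches the contract without being credited to `totalSupply`. Running the same scenario with and without the proposed `totalSupply` adjustment shows exactly which quantities diverge and whether the 1:1 check the finding asks for holds afterwards.

```python
# Added example, not code from the finding or from the LoopFi repository.
# Minimal accounting model of convertAllETH() to check the invariant the
# finding asks for: totalSupply == totalLpETH after conversion.
#
# Assumptions (labelled): lpETH.deposit mints 1:1 for ETH sent; `balance`
# stands in for address(this).balance; `receive_untracked` is a constructed
# way for ETH to reach the contract without being credited to totalSupply.


class PrelaunchModel:
    """Tracks the three quantities the convertAllETH() snippet manipulates."""

    def __init__(self):
        self.total_supply = 0   # ETH credited to depositors (tracked)
        self.balance = 0        # address(this).balance
        self.total_lp_eth = 0   # lpETH held by the contract after conversion
        self.converted = False

    def deposit(self, amount):
        """Tracked user deposit: balance and totalSupply move together."""
        if self.converted:
            raise RuntimeError("deposits are closed after conversion")
        self.balance += amount
        self.total_supply += amount

    def receive_untracked(self, amount):
        """Constructed: ETH arrives without being credited to any depositor."""
        self.balance += amount

    def convert_all_eth(self, sync_total_supply):
        """Mirror of the snippet; sync_total_supply=True applies the proposed fix."""
        if self.converted:
            raise RuntimeError("already converted")
        total_balance = self.balance
        self.balance = 0
        self.total_lp_eth += total_balance          # 1:1 mint assumed
        if sync_total_supply and self.total_lp_eth > self.total_supply:
            excess = self.total_lp_eth - self.total_supply
            self.total_supply += excess             # proposed adjustment
        self.converted = True
        return total_balance, self.total_lp_eth

    def ratio_is_one_to_one(self):
        """The post-conversion invariant the finding wants to hold."""
        return self.total_supply == self.total_lp_eth


def run_scenario(apply_fix):
    """Two tracked deposits plus 2 wei of untracked ETH, then conversion."""
    m = PrelaunchModel()
    m.deposit(10)
    m.deposit(5)
    m.receive_untracked(2)   # constructed excess ETH
    m.convert_all_eth(apply_fix)
    return m.total_supply, m.total_lp_eth, m.ratio_is_one_to_one()


if __name__ == "__main__":
    for fix in (False, True):
        supply, lp, ok = run_scenario(fix)
        print(f"fix={fix}: totalSupply={supply} totalLpETH={lp} 1:1={ok}")
```

Without the adjustment the model ends with `totalSupply` 15 against `totalLpETH` 17, so the two diverge by exactly the untracked 2 wei; with it both read 17. The model says nothing about how claims are computed from these values, which is where the real consequence of the divergence (and of the adjustment) would have to be assessed against the contract.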

c4-judge commented 4 months ago

koolexcrypto marked the issue as primary issue

c4-judge commented 3 months ago

koolexcrypto marked the issue as unsatisfactory: Insufficient quality

c4-judge commented 3 months ago

koolexcrypto removed the grade

c4-judge commented 3 months ago

koolexcrypto marked the issue as duplicate of #18

c4-judge commented 3 months ago

koolexcrypto marked the issue as partial-75

c4-judge commented 3 months ago

koolexcrypto marked the issue as not a duplicate

c4-judge commented 3 months ago

koolexcrypto changed the severity to QA (Quality Assurance)

c4-judge commented 3 months ago

koolexcrypto marked the issue as grade-c