Closed howlbot-integration[bot] closed 3 months ago
koolexcrypto marked the issue as primary issue
koolexcrypto marked the issue as unsatisfactory: Insufficient quality
koolexcrypto removed the grade
koolexcrypto marked the issue as duplicate of #18
koolexcrypto marked the issue as partial-75
koolexcrypto marked the issue as not a duplicate
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/0dc8467ccff27230e7c0530b619524cc8401e22a/src/PrelaunchPoints.sol#L315-L329
Vulnerability details
Impact
The current implementation of converting all excess ETH to LPETH in the contract may inaccurately reflect the total supply of LPETH tokens which should match the total supply of eth.
Proof of Concept
The flawed implementation can be observed in the following code snippet:
This code converts all excess ETH in the contract to LPETH without accurately tracking the total supply of LPETH tokens. As a result, the total supply of deposited ETH may not be synchronized with the total supply of LPETH tokens, leading to potential discrepancies.
Tools Used
Manual code analysis
Recommended Mitigation Steps
To address the issue and ensure accurate tracking of funds within the contract, the following mitigation step is recommended:
update code in function convertAllETH()
Assessed type
Other