code-423n4 / 2024-06-renzo-mitigation-findings


M-12 MitigationConfirmed #15

Open c4-bot-3 opened 4 weeks ago

c4-bot-3 commented 4 weeks ago

Lines of code

Vulnerability details


C4 issue

M-12: Incorrect exchange rate provided to Balancer pools

Link to issue

Comments

The xRenzoDeposit contract’s getRate function is used by Balancer pools on L2s to get the exchange rate between xezWETH and WETH tokens.

The problem is that the getRate function returns the lastPrice state variable, which lacks any staleness checks and may be outdated compared to the rate provided by getMintRate in the oracle contract, leading to the possibility of incorrect exchange rates and potential arbitrage opportunities.

Mitigation

PR: Pull Request 113

The fix modifies the getRate function to call the getMintRate function to fetch the current price, ensuring the exchange rate is accurate and up-to-date. It also adds a staleness check to ensure the oracle price is not past the expiration date (1 day).

    function getRate() external view override returns (uint256) {
        // Read the live price and its timestamp from the oracle instead of the cached lastPrice
        (uint256 _lastPrice, uint256 _lastPriceTimestamp) = getMintRate();
        // Staleness check: reject any price older than one day
        if (block.timestamp > _lastPriceTimestamp + 1 days) {
            revert OraclePriceExpired();
        }
        return _lastPrice;
    }

Conclusion

By updating the getRate function to call getMintRate and adding a staleness check, the xRenzoDeposit contract now provides accurate and up-to-date exchange rates to Balancer pools.
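The following Python model is an added illustration and is not code from the Renzo contracts or from this finding. It mirrors the pre-fix behaviour (a cached `lastPrice` returned with no staleness check) next to the post-fix behaviour (a live `getMintRate` read guarded by the 1-day expiry), so the two can be compared on the same oracle state. The `MintRateOracle`, `XRenzoDepositBefore`, `XRenzoDepositAfter` and `run_scenario` names, and all prices and timestamps, are constructed for this example.

```python
from dataclasses import dataclass

ONE_DAY = 24 * 60 * 60  # seconds, the same window as Solidity's `1 days`


class OraclePriceExpired(Exception):
    """Stands in for the OraclePriceExpired() revert of the fixed getRate."""


@dataclass
class MintRateOracle:
    """Hypothetical stand-in for the oracle contract's getMintRate() view."""
    price: int      # xezWETH/WETH rate in 1e18 fixed point (constructed value)
    timestamp: int  # block timestamp of the last oracle update (constructed value)

    def get_mint_rate(self):
        return self.price, self.timestamp


class XRenzoDepositBefore:
    """Pre-fix behaviour: getRate returns the cached lastPrice and never checks its age."""

    def __init__(self, oracle: MintRateOracle):
        self.oracle = oracle
        # lastPrice is only refreshed by some other code path; nothing here re-reads it
        self.last_price, _ = oracle.get_mint_rate()

    def get_rate(self, block_timestamp: int) -> int:
        return self.last_price


class XRenzoDepositAfter:
    """Post-fix behaviour (PR 113): read getMintRate live and revert if older than 1 day."""

    def __init__(self, oracle: MintRateOracle):
        self.oracle = oracle

    def get_rate(self, block_timestamp: int) -> int:
        last_price, last_ts = self.oracle.get_mint_rate()
        # Strict '>' matches the Solidity check: a price exactly 1 day old is still accepted
        if block_timestamp > last_ts + ONE_DAY:
            raise OraclePriceExpired("oracle price older than 1 day")
        return last_price


def run_scenario() -> dict:
    """Drive both versions through an oracle update and a stale period; return what each reports."""
    oracle = MintRateOracle(price=1_000_000_000_000_000_000, timestamp=0)  # 1.00 WETH per xezWETH
    before = XRenzoDepositBefore(oracle)
    after = XRenzoDepositAfter(oracle)

    # One hour later the oracle moves to 1.05; the cached lastPrice is not refreshed
    oracle.price, oracle.timestamp = 1_050_000_000_000_000_000, 3600

    results = {
        "before_fresh": before.get_rate(7200),  # still the cached 1.00
        "after_fresh": after.get_rate(7200),    # live 1.05 from the oracle
        # boundary: exactly 1 day after the update is still accepted
        "after_boundary": after.get_rate(3600 + ONE_DAY),
    }

    late = 3600 + ONE_DAY + 1
    results["before_stale"] = before.get_rate(late)  # pre-fix keeps answering
    try:
        after.get_rate(late)
        results["after_stale"] = "returned"
    except OraclePriceExpired:
        results["after_stale"] = "reverted"
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The scenario shows the two properties the mitigation is meant to give a Balancer pool: while the oracle is fresh, the fixed `getRate` tracks `getMintRate` rather than a cached value, and once the oracle price ages past one day the call reverts instead of quoting a price nobody has validated.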

c4-judge commented 3 weeks ago

alcueca marked the issue as satisfactory

c4-judge commented 3 weeks ago

alcueca marked the issue as confirmed for report