c4-judge
commented
3 months ago alcueca marked the issue as satisfactory
Open c4-bot-4 opened 3 months ago
c4-judge
commented
3 months ago alcueca marked the issue as satisfactory
Lines of code
Vulnerability details
See:
Navigating to M-12 from the previous contest we can see that there was an issue in regards to the
xRenzoDeposit.solcontract, which serves as both the entry point for deposits on Layer 2 (L2) networks and a rate provider for Balancer pools, enabling these pools to determine the exchange rate between xezWETH and WETH tokens.The crux of the issue is the fact that the
getRate()function inxRenzoDepositreturns an outdated and potentially incorrect rate by solely relying on thelastPricestate variable, cause this rate can become stale ifupdatePrice()orupdatePriceByOwner()are not called frequently, and could as well differ from the rate used during the minting of xezETH, which utilizes the most recent data from the oracle andlastPrice. As a result, this discrepancy can lead to mispricing in Balancer pools, incorrect yield calculations, and potential manipulation during pool joins and exits.Now to mitigate this issue, protocol passed this pull request which sufficiently mitigates the issue, considering the
getRate()function has now being updated to return the same rate used during the minting of xezETH by callinggetMintRate()instead of directly returninglastPrice, i.e:Would be key to note that the previous implementation of the function is the below https://github.com/code-423n4/2024-04-renzo/blob/1c7cc4e632564349b204b4b5e5f494c9b0bc631d/contracts/Bridge/L2/xRenzoDeposit.sol#L457-L460:
The diff check however did not explicitly update from the previous implementation, however the pull request is justified for the fix, cause with the current adjustment, protocol ensures that the rate provided to Balancer pools is accurate and consistent with the minting process.