search

code-423n4 / 2024-06-renzo-mitigation-findings

0 stars 0 forks source link

H-08 MitigationConfirmed #55

Open c4-bot-7 opened 3 months ago

c4-bot-7 commented 3 months ago

Lines of code

Vulnerability details

C4 Issue

H-08: https://github.com/code-423n4/2024-04-renzo-findings/issues/28

Issue Details

Function calculateTVLs() is used to calculate TVL of protocol. It pass wrong variable collateralTokens[i] instead of collateralTokens[j] to calculate price, lead to wrong value calculated

function calculateTVLs() public view returns (uint256[][] memory, uint256[] memory, uint256) {
   .   .   .   .   .   .   .
            // record token value of withdraw queue
            if (!withdrawQueueTokenBalanceRecorded) {
                totalWithdrawalQueueValue += renzoOracle.lookupTokenValue(
                    collateralTokens[i],   // <---
                    collateralTokens[j].balanceOf(withdrawQueue)
                );
            }
   .   .   .   .   .   .   .
}

Mitigation

The mitigation successfully mitigates the original issue by modifying collateralTokens[i] to collateralTokens[i], now the price will return correctly.

Conclusion

Mitigation confirmed.

c4-judge commented 3 months ago

alcueca marked the issue as satisfactory