code-423n4 / 2024-06-renzo-mitigation-findings


H-02 MitigationConfirmed #9

Open c4-bot-1 opened 1 month ago

c4-bot-1 commented 1 month ago

Lines of code

Vulnerability details

C4 issue

H-02: Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Link to issue

Comments

The original implementation of the getTokenBalanceFromStrategy function uses queuedShares[address(this)] to check if there are currently any queued shares for the specified token. However, the queueWithdrawals function saves queued shares for a specific token using the token address as the key. Therefore, queuedShares will always be missed when the calculateTVL function is called, leading to inaccurate TVL values.

Mitigation

PR: Pull Request 87 - H02FIX

The fix updates the getTokenBalanceFromStrategy function to use the token address as the key for checking queued shares. This change leads to accurate calculations of the queued withdrawals.

    /// @dev Gets the underlying token amount from the amount of shares + queued withdrawal shares
    function getTokenBalanceFromStrategy(IERC20 token) external view returns (uint256) {
        return
            queuedShares[address(token)] == 0
                ? tokenStrategyMapping[token].userUnderlyingView(address(this))
                : tokenStrategyMapping[token].userUnderlyingView(address(this)) +
                    tokenStrategyMapping[token].sharesToUnderlyingView(
                        queuedShares[address(token)]
                    );
    }

Conclusion

The modification to use the token address as the key in the getTokenBalanceFromStrategy function resolves the issue of inaccurate TVL calculation and incorrect ezETH mint rates.
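The key mismatch described in the comment above, modelled in Python as an added example (not part of the original issue or the Renzo code base). The placeholder addresses, share amounts, 1:1 strategy rate and proportional mint formula are all assumptions made for illustration.

```python
DELEGATOR = "0xDELEGATOR"  # constructed placeholder for address(this)
TOKEN = "0xTOKEN"          # constructed placeholder for address(token)


class MockStrategy:
    """Strategy stub with a 1:1 shares-to-underlying rate (assumption)."""
    def __init__(self):
        self.shares = {}

    def shares_to_underlying_view(self, shares):
        return shares

    def user_underlying_view(self, user):
        return self.shares_to_underlying_view(self.shares.get(user, 0))


class DelegatorModel:
    def __init__(self, strategy, deposited_shares):
        self.strategy = strategy
        self.strategy.shares[DELEGATOR] = deposited_shares
        self.queued_shares = {}  # like a Solidity mapping: unset keys read as 0

    def queue_withdrawal(self, token, shares):
        # Assumption: queued shares leave the strategy, so they are tracked by token.
        self.strategy.shares[DELEGATOR] -= shares
        self.queued_shares[token] = self.queued_shares.get(token, 0) + shares

    def token_balance(self, token, fixed):
        key = token if fixed else DELEGATOR  # original keyed by address(this)
        queued = self.queued_shares.get(key, 0)
        held = self.strategy.user_underlying_view(DELEGATOR)
        if queued == 0:
            return held
        return held + self.strategy.shares_to_underlying_view(queued)


def mint_amount(deposit, supply, tvl):
    """Simplified proportional mint (assumption, not the protocol's formula)."""
    return deposit * supply // tvl


def demo():
    d = DelegatorModel(MockStrategy(), deposited_shares=1000)  # constructed
    d.queue_withdrawal(TOKEN, 400)
    before, after = d.token_balance(TOKEN, False), d.token_balance(TOKEN, True)
    return before, after, mint_amount(100, 1000, before), mint_amount(100, 1000, after)


if __name__ == "__main__":
    print(demo())
```

With 400 of 1000 shares queued, the lookup keyed by the contract address reports 600 while the lookup keyed by the token address reports 1000; under the simplified mint model the same 100-unit deposit mints 166 against the deflated figure and 100 against the correct one.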

c4-judge commented 4 weeks ago

alcueca marked the issue as satisfactory

c4-judge commented 4 weeks ago

alcueca marked the issue as confirmed for report