search

sherlock-audit / 2023-05-ecoprotocol-judging

1 stars 0 forks source link

cccz - When the protocol is initially deployed, the inflationMultiplier for L1 and L2 may not be equal #127

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

cccz

medium

When the protocol is initially deployed, the inflationMultiplier for L1 and L2 may not be equal

Summary

When the protocol is initially deployed, the inflationMultiplier for L1 and L2 may not be equal, and depositors may profit or lose due to this.

Vulnerability Detail

The L1ECOBridge.rebase function is used to synchronize the inflationMultiplier of L1 and L2.

    function rebase(uint32 _l2Gas) external {
        inflationMultiplier = IECO(l1Eco).getPastLinearInflation(
            block.number
        );

        bytes memory message = abi.encodeWithSelector(
            IL2ECOBridge.rebase.selector,
            inflationMultiplier
        );

        sendCrossDomainMessage(l2TokenBridge, _l2Gas, message);
    }

However, at the time the protocol is deployed, L1.inflationMultiplier == _l1Eco.getPastLinearInflation(block.number),

        inflationMultiplier = IECO(_l1Eco).getPastLinearInflation(
            block.number
        );

L2.inflationMultiplier == INITIAL_INFLATION_MULTIPLIER == 1e18.

        inflationMultiplier = l2Eco.INITIAL_INFLATION_MULTIPLIER();

If L1.inflationMultiplier is not equal to 1e18, the depositor may profit or lose as a result.

Consider L1.inflationMultiplier == 1.1e18, a depositor depositing 1000 l1Eco will mint 1000 * 1.1/1 = 1100 l2Eco, and when the inflationMultiplier is synchronized, the depositor can withdraw 1100 l1Eco.

Consider L1.inflationMultiplier == 0.9e18, the depositor depositing 1000 l1Eco will mint 1000 *0.9/1 = 900 l2Eco and when the inflationMultiplier is synchronized, the depositor can only withdraw 900 l1Eco.

Impact

If L1.inflationMultiplier is not equal to 1e18, the depositor may profit or lose as a result.

Code Snippet

https://github.com/eco-association/op-eco//blob/39f205fb46eea3df770f0119a890ffdc1ac8f382/contracts/bridge/L1ECOBridge.sol#L296-L307 https://github.com/eco-association/op-eco//blob/39f205fb46eea3df770f0119a890ffdc1ac8f382/contracts/bridge/L1ECOBridge.sol#L129-L131 https://github.com/eco-association/op-eco//blob/39f205fb46eea3df770f0119a890ffdc1ac8f382/contracts/bridge/L1ECOBridge.sol#L333-L350 https://github.com/eco-association/op-eco//blob/39f205fb46eea3df770f0119a890ffdc1ac8f382/contracts/bridge/L2ECOBridge.sol#L161-L162

Tool used

Manual Review

Recommendation

Consider that deposits are allowed only after the first rebase is called to synchronize the inflationMultiplier of L1 and L2