search

sherlock-audit / 2023-12-flatmoney-judging

9 stars 8 forks source link

ubl4nk - getKeeperFee is calculating the keeper fee based on the ETH price not rETH #209

Closed sherlock-admin closed 5 months ago

sherlock-admin commented 5 months ago

ubl4nk

high

getKeeperFee is calculating the keeper fee based on the ETH price not rETH

Summary

There mentioned in the README that the collateral will be rETH but getKeeperFee is actually calculating keeper-fee based on the ETH price not rETH.

Vulnerability Detail

Wee the function is calculating the fee based on the ETH price, but it actually should be the rETH:

function getKeeperFee() public view returns (uint256 keeperFeeCollateral) {
        uint256 ethPrice18;
        {
            (, int256 ethPrice, , uint256 ethPriceupdatedAt, ) = _ethOracle.latestRoundData();
            if (block.timestamp >= ethPriceupdatedAt + _STALENESS_PERIOD) revert FlatcoinErrors.ETHPriceStale();
            if (ethPrice <= 0) revert FlatcoinErrors.ETHPriceInvalid();
            ethPrice18 = uint256(ethPrice) * 1e10; // from 8 decimals to 18
        }
        // NOTE: Currently the market asset and collateral asset are the same.
        // If this changes in the future, then the following line should fetch the collateral asset, not market asset.
        (uint256 collateralPrice, uint256 timestamp) = _oracleModule.getPrice();

        if (collateralPrice <= 0) revert FlatcoinErrors.PriceInvalid(FlatcoinErrors.PriceSource.OnChain);

        if (block.timestamp >= timestamp + _STALENESS_PERIOD)
            revert FlatcoinErrors.PriceStale(FlatcoinErrors.PriceSource.OnChain);

Impact

Wrong collateralPrice will be calculated and wrong amount will be calculated for keeper-fee.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/misc/KeeperFee.sol#L81-L93

Tool used

Manual Review

Recommendation

Consider using rETH price in calculations.

sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 5 months ago

Invalid, seemingly duplicate of #90, but the configuration is correct. It is intended to use ETH price to convert to collateral of rETH price subsequently. The correct root cause should be the lack of rETH/USD on base chain