Closed sherlock-admin2 closed 5 months ago
Request PoC
PoC requested from @ydspa
Requests remaining: 12
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Escalate
I think the origin report has clearly illustrated the Vulnerability concept. And as a circumstantial evidence, let's also think about why there are none of any existing CEX/DEX list Perpetual market for interest bearing assets such as rETH/cbETH/wstETH.
Escalate
I think the origin report has clearly illustrated the Vulnerability concept. And as a circumstantial evidence, let's also think about why there are none of any existing CEX/DEX list Perpetual market for interest bearing assets such as rETH/cbETH/wstETH.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
This is what LPs sign up for. They aren't forced to do this, and they can hedge this risk in and outside of the protocol, right?
Independently, I'd like @D-Ig @itsermin @rashtrakoff to have a look at this issue.
@Czar102 This seems out of scope of the contest.
There are fees earned by LP for providing liquidity for borrowing. I think I need a better PNL analysis of this issue to decide.
Indeed, this is out of scope. An investment may be "bad", but it works as expected.
Independently, I'm wondering if the funding rate doesn't counter this by any chance?
Result: Low Unique
The escalator didn't make their point clear, and I see no basis to validate this issue. The system works as intended, and having a financial product bring statistical losses because of the design is not a valid issue.
The yield accrued by LSTs is not lost. There is much more nuance to how LST collateral behaves when compared to let's say ETH. Let's analyse this:
rETH/ETH exchange rate is crucial here. Let's say it's 1.10 ETH per rETH. This exchange rate continuously increases under ideal conditions. So when ETH price goes up by let's say 5%, rETH price actually goes up by more than this (5.5%). This in turn means the funding rates turn more to the favour of the LPs.
So is the rETH staking yield being accrued to the LPs or the leverage traders? This is difficult to ascertain. On one hand ETH price increase corresponds to profit to the leverage traders and this is amplified due to rETH/ETH exchange rate. At the same time LPs are being paid funding (assuming market is long skewed) much more than they would have had in case ETH was the collateral. Only time will tell if using rETH was a good idea or not.
KingNFT
high
Liqudity providers effectively lost their Rocket pool staking rewards while integrating with the protocol
Summary
If we treat betting on price of crypto assets such as BTC/ETH as a
50:50
win game, then betting on price of interest bearing asset such as stETH/rETH is more likely a55:45
game. As the long side has an inherent advantage, which would cause liqudity providers of Flatcoin effectively lost their Rocket pool staking rewards while integrating with the protocol.Vulnerability Detail
Let's say the initial states are
Some time later, the ratio increases to
1.2
due to Rocket pool's staking reward, and the ETH price keeps same, then we getWe can see the long side Alice happens to win the $200 Rocket pool's staking reward while ETH price keeps steady. And Liqudity providers of Flatcoin is the losing side. They are effectively losing their Rocket pool staking rewards while betting with traders on rETH's price.
Impact
Liqudity providers effectively lost their Rocket pool staking rewards.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/StableModule.sol#L61
Tool used
Manual Review
Recommendation
Not 100% sure if replacing with ETH oracle price can work with rETH as collateral, but looks like it's an option.