search

sherlock-audit / 2024-01-napier-judging

8 stars 5 forks source link

givn - Lido StEtherAdapter deposits ETH 1-1 instead of buying it for discount #122

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

givn

medium

Lido StEtherAdapter deposits ETH 1-1 instead of buying it for discount

Summary

Most of the time stETH can be bought at a discount compared to directly staking it with Lido.

Vulnerability Detail

Link to function StEthAdapter::_stake

stETH/ETH chainlink oracle

Currently, the price of stETH is Ξ0.9994409522

Impact

Every time the Adapter deposits ETH at a loss. Thus, protocol users miss out on rewards.

Code Snippet

Scraped historical data using Chainlink going back 4 months. Created a table that demonstrates losses on each deposit. Entries are about 10 days apart.

roundId answer As ETH LOSS IN BPS startedAt updatedAt
18446744073709552547 999457947390817200 0.9994579474 5.420526092 1708786247 1708786247
18446744073709552537 999699926843282000 0.9996999268 3.000731567 1708008239 1708008239
18446744073709552527 1000399998361680000 1.000399998 -3.999983617 1707144011 1707144011
18446744073709552517 999565372208657300 0.9995653722 4.346277913 1706312051 1706312051
18446744073709552507 999627179555925800 0.9996271796 3.728204441 1705447883 1705447883
18446744073709552497 998783499176941900 0.9987834992 12.16500823 1704583631 1704583631
18446744073709552487 999461275172666600 0.9994612752 5.387248273 1703719499 1703719499
18446744073709552477 999792222545213300 0.9997922225 2.077774548 1702855379 1702855379
18446744073709552467 999500000000000000 0.9995 5 1701991235 1701991235
18446744073709552457 999361874271695000 0.9993618743 6.381257283 1701127043 1701127043
18446744073709552447 998666829396238100 0.9986668294 13.33170604 1700262827 1700262827
18446744073709552437 999452254614555900 0.9994522546 5.477453854 1699398659 1699398659
18446744073709552427 999400739520325800 0.9994007395 5.992604797 1698534323 1698534323

The data shows that Napier will lock in a loss of up to 13 BPS, just on deposit. Swap fees would cost far less than this.

You can browse different periods by using the command below:

cast call 0x86392dC19c0b719886221c78AB11eb8Cf5c52812 --rpc-url [url] "getRoundData(uint80)(uint80,int256,uint256,uint256,uint80)" [roundId]

Tool used

Manual Review Oracle historical data

Recommendation

Check if it's cheaper to buy stETH in DEX instead of staking it 1:1 with Lido.

sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

I think this is desing decision