search

sherlock-audit / 2024-01-napier-judging

9 stars 6 forks source link

AuditorPraise - Tranche.issue() may revert @ `adapter.prefundedDeposit()` Ln if adapter is RETH Adapter. #44

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

AuditorPraise

medium

Tranche.issue() may revert @ adapter.prefundedDeposit() Ln if adapter is RETH Adapter.

Summary

Rocket pool deposits could be disabled and this directly affects the functionality of a contract in scope for this audit.

Vulnerability Detail

Tranche.issue() issues Principal Token (PT) and Yield Token (YT) to to in exchange for underlyingAmount of underlying token.

The issue is that the function may revert at Ln 208 if the Adapter is RETH Adapter 

 (, uint256 sharesMinted) = adapter.prefundedDeposit();

this revert will be caused due to RETH Adapter's failure to check if the Rocket pool deposits are enabled before attempting to deposit into it.

 function prefundedDeposit() external override returns (uint256, uint256) {
        uint256 wethBal = IWETH9(WETH).balanceOf(address(this));
        // Return early if zero balance
        if (wethBal == 0) {
            return (0, 0);
        }
        // Unwrap WETH to ETH
        IWETH9(WETH).withdraw(wethBal);
        // Forward deposit to RP & get amount of rETH minted
        uint256 rethbalBefore = IRocketETH(RETH).balanceOf(address(this));
        IRocketDepositPool rocketDepositPool = IRocketDepositPool(rocketStorage.getAddress(ROCKET_DEPOSIT_POOL_KEY));
        // Deposit ETH to Rocket Pool
        // check: slither "arbitrary-send-eth"
    @>  rocketDepositPool.deposit{value: wethBal}();
        uint256 sharesMinted = IRocketETH(RETH).balanceOf(address(this)) - rethbalBefore;

        IRocketETH(RETH).safeTransfer(msg.sender, sharesMinted);

        return (wethBal, sharesMinted);
    }

see here

    /// @notice Deposits ETH into Rocket Pool and mints the corresponding amount of rETH to the caller
    function deposit() override external payable onlyThisLatestContract {
        // Check deposit settings
        RocketDAOProtocolSettingsDepositInterface rocketDAOProtocolSettingsDeposit = RocketDAOProtocolSettingsDepositInterface(getContractAddress("rocketDAOProtocolSettingsDeposit"));
        require(rocketDAOProtocolSettingsDeposit.getDepositEnabled(), "Deposits into Rocket Pool are currently disabled");
        require(msg.value >= rocketDAOProtocolSettingsDeposit.getMinimumDeposit(), "The deposited amount is less than the minimum deposit size");

Impact

Tranche.issue() may revert @ adapter.prefundedDeposit() Ln if adapter is RETH Adapter.

Code Snippet

https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/Tranche.sol#L208

https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/rocketPool/RETHAdapter.sol#L65

Tool used

Manual Review

Recommendation

check in the RETH Adapter if the Rocket pool deposit's are enabled before depositing. If it isn't, look for a way around.

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low