Users would almost get no reward while investing CETH Tranche
Summary
The CompoundV2's CETH pool is during deprecation, which causes the supply APY continusly keeps extreme low. Users would almost get no reward while investing CETH Tranche.
Vulnerability Detail
Current average APY of ETH staking market is about 3%, but CETH's APY keeps extreme low, sush as only 0.1%. As Compound V2 is under deprecation, their governance incentives users to move fund out to V3.
An example APY at 20-2-2024
The coded PoC shows the APY continusly keeps extreme low.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/Test.sol";
import "forge-std/console2.sol";
import {CETH} from "../../../../src/Constants.sol";
import {DateTime} from "../../../../src/utils/DateTime.sol";
interface ICETH {
function supplyRatePerBlock() external view returns (uint);
}
contract ExtremeLowAPY is Test {
string constant MAINNET_RPC_URL = "https://mainnet.gateway.tenderly.co";
ICETH constant cETH = ICETH(CETH);
uint256 constant YEAR = 24 * 3600 * 365;
function testShowAPYOfCETHDuringDeprecation() public {
uint256 startBlock = 19266000;
uint256 blockInterval = 7200;
uint256 count = 30;
for (uint256 i; i < count; ++i) {
uint256 currentBlock = startBlock - i * blockInterval;
vm.createSelectFork(MAINNET_RPC_URL, currentBlock);
uint256 blockRate = cETH.supplyRatePerBlock();
string memory dateTime = _toDateString(block.timestamp);
string memory apy = _toPercentString(_blockRateToAPY(blockRate));
console2.log(string.concat("[", dateTime, "]", " APY = ", apy));
}
}
function _blockRateToAPY(uint256 blockRate) internal pure returns(uint256) {
return blockRate * (YEAR / 12); // 12 seconds per block
}
function _toDateString(uint256 timestamp) internal pure returns (string memory) {
(string memory d, string memory m, string memory y) = DateTime.toDateString(timestamp);
return string.concat(d, "-", m, "-", y);
}
function _toPercentString(uint256 apy) internal pure returns(string memory) {
uint256 d0 = apy / 1e17;
uint256 d1 = (apy % 1e17) / 1e16;
uint256 d2 = (apy % 1e16) / 1e15;
uint256 d3 = (apy % 1e15) / 1e14;
return string.concat(_toString(d0), _toString(d1), ".", _toString(d2), _toString(d3), "%");
}
function _toString(uint256 digital) internal pure returns(string memory str) {
str = new string(1);
bytes16 symbols = "0123456789abcdef";
assembly {
mstore8(add(str, 32), byte(digital, symbols))
}
}
}
KingNFT
medium
Users would almost get no reward while investing
CETH
TrancheSummary
The CompoundV2's
CETH
pool is during deprecation, which causes the supply APY continusly keeps extreme low. Users would almost get no reward while investing CETH Tranche.Vulnerability Detail
Current average APY of ETH staking market is about 3%, but CETH's APY keeps extreme low, sush as only 0.1%. As Compound V2 is under deprecation, their governance incentives users to move fund out to V3.
An example APY at 20-2-2024
The coded PoC shows the APY continusly keeps extreme low.
And the test logs
Impact
Users would almost get no reward while investing CETH Tranche, which finally makes the contract useless.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/compoundV2/WrappedCETHAdapter.sol#L23
Tool used
Manual Review
Recommendation
Integrating Compound V3 instead of V2