Closed sherlock-admin closed 7 months ago
0xumarkhatab
high
Due to an incorrect feed address check , the _addAsset will always revert when adding assets price feeds involving ether as one token.
The _addAsset incorrectly validates the ether-toke pair parice feed.
function _addAsset(AssetConfig calldata config) internal { if (isSupportedAsset(config.asset)) revert ASSET_ALREADY_SUPPORTED(config.asset); if (config.asset == address(0)) revert INVALID_ASSET_ADDRESS(); uint8 decimals = config.asset == ETH_ADDRESS ? 18 : IERC20Metadata(config.asset).decimals(); if (config.asset == ETH_ADDRESS) { ->>> if (config.priceFeed != address(0)) revert INVALID_PRICE_FEED(); if (config.strategy != BEACON_CHAIN_STRATEGY) revert INVALID_STRATEGY(); } else {
Instead of checking for a zero address and if the price feed is zero ( the address of feed is invalid ) and revert, It does the opposite case.
if (config.priceFeed != address(0)) revert INVALID_PRICE_FEED();
Likehood : High Impact : High
Ether based assets will not be added in Registry
https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/main/rio-sherlock-audit/contracts/restaking/RioLRTAssetRegistry.sol#L331-L332
Manual Review
Replace the != check by ==
!=
==
if (config.priceFeed == address(0)) revert INVALID_PRICE_FEED();
Invalid, check is correct
0xumarkhatab
high
H-1 : DoS while adding Ether Pair asset in RioLRTAssetRegistry
Summary
Due to an incorrect feed address check , the _addAsset will always revert when adding assets price feeds involving ether as one token.
Vulnerability Detail
The _addAsset incorrectly validates the ether-toke pair parice feed.
Instead of checking for a zero address and if the price feed is zero ( the address of feed is invalid ) and revert, It does the opposite case.
Likehood : High Impact : High
Impact
Ether based assets will not be added in Registry
Code Snippet
https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/main/rio-sherlock-audit/contracts/restaking/RioLRTAssetRegistry.sol#L331-L332
Tool used
Manual Review
Recommendation
Replace the
!=
check by==