sherlock-audit / 2024-05-napier-update-judging


yamato - `EETHAdapter` wrongfully valuates `EETH : ETH` at 1:1 rate #12

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 5 months ago

yamato

medium

EETHAdapter wrongfully valuates EETH : ETH at 1:1 rate

Summary

Contract wrongfully assumes EETH has the same value as ETH

Vulnerability Detail

This is the `totalAssets` function within the `EETHAdapter`, which is responsible for calculating the total value in the contract (denominated in ETH):

    function totalAssets() public view override returns (uint256) {
        uint256 eEthBalance = EETH.balanceOf(address(this));
        return totalQueueEth + bufferEth + eEthBalance;
    }

As can be seen, it valuates EETH at a 1:1 rate.

At the time of this report, EETH equals 1.03851 ETH.

The difference is not insignificant and should be considered. The share rate can be fetched directly from the etherfi `LIQUIDITY_POOL` contract.

Impact

Wrong accounting

Code Snippet

https://github.com/sherlock-audit/2024-05-napier-update/blob/main/napier-v1/src/adapters/etherfi/EETHAdapter.sol#L129

Tool used

Manual Review

Recommendation

Fix accounting

massun-onibakuchi commented 5 months ago

The doc says EETH is a rebase token. We assume the share price of EETH is 1 in units of ETH, in the same way as stETHAdapter.

https://etherfi.gitbook.io/etherfi/ether.fi-whitepaper/technical-documentation#eeth

sherlock-admin2 commented 4 months ago

2 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; No clear impact mentioned

PNS commented:

The eETH token represents a claim on the same amount of ETH (eETH docs)
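
The following Python model is an added illustration of the accounting question discussed in this thread; it is not code from Napier or ether.fi. It assumes, as the comments above state, that EETH is a rebase token whose balance is reported in ETH units, and compares the `totalAssets()` sum from the report with a variant that also applies the share rate. `RebasingToken`, the holder names and all amounts are constructed for the example.

```python
from dataclasses import dataclass, field

WAD = 10**18  # 18-decimal fixed point, as used for ETH amounts


@dataclass
class RebasingToken:
    """Simplified rebasing token: holders own shares, and balance_of()
    converts them to the underlying ETH amount (assumed behaviour)."""
    total_pooled_eth: int = 0
    total_shares: int = 0
    shares: dict = field(default_factory=dict)

    def deposit(self, holder: str, eth: int) -> None:
        minted = eth if self.total_shares == 0 else eth * self.total_shares // self.total_pooled_eth
        self.shares[holder] = self.shares.get(holder, 0) + minted
        self.total_shares += minted
        self.total_pooled_eth += eth

    def accrue_rewards(self, eth: int) -> None:
        # Rewards raise the pool without minting shares (the "rebase").
        self.total_pooled_eth += eth

    def share_rate(self) -> int:
        return self.total_pooled_eth * WAD // self.total_shares

    def balance_of(self, holder: str) -> int:
        return self.shares.get(holder, 0) * self.total_pooled_eth // self.total_shares


def total_assets(token, adapter, total_queue_eth, buffer_eth):
    # Same sum as the totalAssets() function quoted in the report.
    return total_queue_eth + buffer_eth + token.balance_of(adapter)


def total_assets_rate_applied(token, adapter, total_queue_eth, buffer_eth):
    # Variant that additionally multiplies the balance by the share rate.
    return total_queue_eth + buffer_eth + token.balance_of(adapter) * token.share_rate() // WAD


def demo():
    token = RebasingToken()
    token.deposit("adapter", 100 * WAD)
    token.deposit("other", 100 * WAD)
    token.accrue_rewards(8 * WAD)  # constructed: rate becomes 1.04 ETH per share
    return (token.share_rate(), token.balance_of("adapter"),
            total_assets(token, "adapter", 0, 0),
            total_assets_rate_applied(token, "adapter", 0, 0))
```

Under this model the adapter's 100 shares are reported as a balance of 104 ETH, so the plain sum already tracks the rewards, while the rate-applied variant returns 108.16 ETH and counts the rewards twice.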