sherlock-admin4
commented
2 months ago 1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
Lacks proof to substantiate the bug. It's submit() and transfer() that matter on stEth
unRekt
Medium
Rebasing tokens can break functionality of
getStakingTokensForVaultSharefunction inBaseStakingVault.solSummary
Using rebase tokens in
getStakingTokensForVaultSharecan break functionality.Vulnerability Detail
The
getStakingTokensForVaultSharefunction has comments mentioning -This means that the functionality of
getStakingTokensForVaultSharecan break if any rebasing token is used. Firstly there are no checks which ensures that no rebasing tokens are used. Secondly,stETHwhich is being approved in thetriggerExtraStepfunction ofKelp.solis a rebasing token. See hereLink to
getStakingTokensForVaultShare: https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/vaults/staking/BaseStakingVault.sol#L93-L98Link to
triggerExtraStep: https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/vaults/staking/protocols/Kelp.sol#L69-L86The protocol as per the documentation mentions use of the following tokens: EtherFi: weETH, eETH Ethena: USDe, sUSDe Pendle: PT tokens Kelp: rsETH Use of stETH from Lido is not mentioned.
Impact
If a function is not meant to handle rebasing tokens and rebasing tokens are being passed in it, then it breaks the functionality of that function. Which can lead to unexpected behavior of the protocol. Check potential hazards of using stETH here
Code Snippet
Tool used
Manual Review
Recommendation
Implement checks for ensuring that tokens which can enter the
getStakingTokensForVaultSharefunction are not rebasing.