VotiumStrategy.price() does not validate Chainlink response

2023-09-27 00:00:00
Code4rena
github.com
Tags: votiumstrategy, chainlink validation, afeth.deposit(), vafeth, afeth, ethpercvx(true)


Lines of code

Vulnerability details

Impact

AfEth.deposit() may mint an incorrect amount of afEth.
VotiumStrategy.price() may return an incorrect price of vAfEth.
AfEth.price() may return an incorrect price of afEth.

Proof of Concept

VotiumStrategy.price()

function price() external view override returns (uint256) {
    return (cvxPerVotium() * ethPerCvx(false)) / 1e18;
}

calls ethPerCvx(false), where the false argument disables validation of the Chainlink response, so a failed, stale or otherwise invalid feed answer is used as-is. VotiumStrategy.price() may thus return an invalid value.
VotiumStrategy.price() is used by AfEth.price() to compute the price of afEth, and both price() functions are used in AfEth.deposit() to calculate the amount of afEth to mint. If the Chainlink response is invalid, an incorrect amount of afEth may therefore be minted where the call should have reverted.
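The following is an added illustration, not code from the Asymmetry repository or from this report. The page does not show the body of ethPerCvx(), so the example assumes the usual shape: a bool that gates a set of sanity checks on latestRoundData(). cvxPerVotium() is stubbed to a constant, the 25-hour staleness tolerance is an assumed value, and MockFeed is a constructed fixture for exercising both paths in a Foundry or Hardhat test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal Chainlink aggregator interface, redeclared here so the file is
// self-contained (the real one lives in @chainlink/contracts).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Illustrative strategy: only the pricing path is modelled.
contract VotiumStrategyPricingExample {
    error ChainlinkFailed();

    AggregatorV3Interface public immutable cvxEthFeed;
    uint256 public constant STALENESS_LIMIT = 25 hours; // assumed tolerance, not taken from the page

    constructor(AggregatorV3Interface _feed) {
        cvxEthFeed = _feed;
    }

    // Stand-in for the real strategy accounting: 1 vAfEth == 1 CVX.
    function cvxPerVotium() public pure returns (uint256) {
        return 1e18;
    }

    // Assumed shape of ethPerCvx: _validate selects whether the feed answer is
    // sanity-checked. With _validate == false a negative, zero or stale answer
    // is returned unchanged.
    function ethPerCvx(bool _validate) public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            cvxEthFeed.latestRoundData();
        if (_validate) {
            if (answer <= 0) revert ChainlinkFailed();                                  // no zero or negative price
            if (updatedAt == 0 || updatedAt > block.timestamp) revert ChainlinkFailed(); // malformed timestamp
            if (block.timestamp - updatedAt > STALENESS_LIMIT) revert ChainlinkFailed(); // stale round
            if (answeredInRound < roundId) revert ChainlinkFailed();                    // incomplete round
        }
        // Unchecked cast: when _validate is false, an answer of -1 becomes 2**256 - 1.
        return uint256(answer);
    }

    // As reported: the unvalidated read feeds the price that AfEth.deposit() mints against.
    function priceVulnerable() external view returns (uint256) {
        return (cvxPerVotium() * ethPerCvx(false)) / 1e18;
    }

    // Mitigation from the report: validate, so a bad oracle response reverts
    // instead of minting afEth against a garbage price.
    function price() external view returns (uint256) {
        return (cvxPerVotium() * ethPerCvx(true)) / 1e18;
    }
}

// Constructed mock feed for tests; not a real Chainlink aggregator.
contract MockFeed is AggregatorV3Interface {
    uint80 public roundId;
    int256 public answer;
    uint256 public updatedAt;
    uint80 public answeredInRound;

    function set(uint80 _roundId, int256 _answer, uint256 _updatedAt, uint80 _answeredInRound) external {
        roundId = _roundId;
        answer = _answer;
        updatedAt = _updatedAt;
        answeredInRound = _answeredInRound;
    }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (roundId, answer, 0, updatedAt, answeredInRound);
    }
}
```

With MockFeed.set(1, -1, block.timestamp, 1), priceVulnerable() returns 2**256 - 1 while price() reverts with ChainlinkFailed(); with set(1, 0, block.timestamp, 1) the vulnerable path returns a price of zero; with a fresh positive answer but updatedAt older than STALENESS_LIMIT, only the validated path reverts. Each of those is a case where deposit() would mint against a wrong price instead of failing.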

Recommended Mitigation Steps

ethPerCvx(true) is already used in the far less critical AfEth.depositRewards(); it should be used in VotiumStrategy.price() as well.

Assessed type

Invalid Validation

