Lucene search

K
code423n4Code4renaCODE423N4:2023-11-KELP-FINDINGS-ISSUES-869
HistoryNov 15, 2023 - 12:00 a.m.

Potential arbitrage opportunity

2023-11-1500:00:00
Code4rena
github.com
1
arbitrage
vulnerability
lrtdepositpool
pricing feed
amms
flashloans
protocol funds

7 High

AI Score

Confidence

Low

Lines of code

Vulnerability details

Impact

According to the logic of the protocol (<https://blog.kelpdao.xyz/exploring-a-new-defi-primitive-liquid-restaked-token-lrt-ed0a8f63a4e2&gt;), minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are independent from the Chainlink pricing feed. This will create arbitrage opportunities for hackers to profit using the price difference to mint the LRT token on LRTDepositPool (that uses chainlink for pricing) and the price to swap on external AMMs. Furthermore, depending on which AMMs, prices in these AMMs could be manipulated with flashloans.

The end result would be the protocol funds being drained.

#Proof of Concept:

Restakers can swap their LRT tokens for other tokens on AMMs or choose to redeem underlying assets through LRT contracts.

Tools Used

Manual review.

Recommended Mitigation Steps

Do not use external AMMs to redeem as the prices are not the same as those returned by chainlink.

Assessed type

Other


The text was updated successfully, but these errors were encountered:

All reactions

7 High

AI Score

Confidence

Low