According to the logic of the protocol (<https://blog.kelpdao.xyz/exploring-a-new-defi-primitive-liquid-restaked-token-lrt-ed0a8f63a4e2>), minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are independent from the Chainlink pricing feed. This will create arbitrage opportunities for hackers to profit using the price difference to mint the LRT token on LRTDepositPool (that uses chainlink for pricing) and the price to swap on external AMMs. Furthermore, depending on which AMMs, prices in these AMMs could be manipulated with flashloans.
The end result would be the protocol funds being drained.
Restakers can swap their LRT tokens for other tokens on AMMs or choose to redeem underlying assets through LRT contracts.
Manual review.
Do not use external AMMs to redeem as the prices are not the same as those returned by chainlink.
Other
The text was updated successfully, but these errors were encountered:
All reactions