4 matches found
An attacker can manipulate the preDepositvePrice to steal from other users.
Lines of code Vulnerability details Impact The first user that stakes can manipulate the total supply of sfTokens and by doing so create a rounding error for each subsequent user. In the worst case, an attacker can steal all the funds of the next user. Proof of Concept When the first user enters...
Mint amount calculation in deposit is incorrect
Lines of code Vulnerability details Summary The calculation in the deposit function of the DepositPool contract is flawed as it factors the deposited amount into the RSETH price to calculate the amount to mint. Impact When a user deposits in the DepositPool contract, the amount of RSETH to mint i...
Missing slippage check in deposit function
Lines of code Vulnerability details Summary Users depositing in the protocol have no control over the amount of RSETH minted in return for their deposit. Impact The depositAsset function present in the LRTDepositPool contract allows users to deposit any of the supported assets into the protocol i...
M-05 Unmitigated
Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...