16 matches found
Getting exchange rate function is wrong
Lines of code Vulnerability details Impact Unmatched function for getting the exchange rate can lead to being unable to mint PeUSD when depositing ETH into Rocket Pool. Proof of Concept The interface used in LybraRETHVault.sol for getting the exchange rate does not match the target contract RETH...
Chainlink price feed responses are not validated
NEW ISSUE - MITIGATION IS NOT CONFIRMED NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...
Mitigation of M-08: Issue NOT mitigated
Mitigated issue M-08: Possible DoS on unstake The issue is that a potential time-lock in Rocket Pool may cause RocketTokenRETHInterfacerethAddress.burnamount to revert, which prevents frequent withdrawals and unstakes. Mitigation review Reth.withdraw still calls...
Mitigation of M-08: Issue not mitigated
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-08: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings685 Comments First, there is a clear error in the associated description of mitigation: "Use Chainlink to get rETH". Using Chainlink to obtain the...
Mitigation Confirmed for M-01
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-01: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings1078 Comments While the "division before multiplication" issues described in M-01 have been mitigated in the proposed changeset, there are other case...
Mitigation of M-05: Issue not mitigated, mitigation errors
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-05: Issue not mitigated, mitigation errors Link to Issue: code-423n4/2023-03-asymmetry-findings812 Comments The issue describes missing checks associated with staking requirements for the WstEth and Reth derivative. The...
Mitigation of M-06: See comments
Mitigation of M-06: See comments Link to Issue: code-423n4/2023-03-asymmetry-findings770 Comments Sponsor decided not to mitigate the issue with the following comment: This is as expected I agree that the issue is TOO broad and some of the described scenarios don't make sense at all e.g. the...
Assuming a 1-1 peg of Liquid Staked Tokens like stETH and rETH to ETH is dangerous
Lines of code Vulnerability details Impact The price of ETH staking derivatives may not be pegged 1-1 to ETH which affect staking conditions. Proof of Concept To stake eth, a user calls depositBeaconChainETH. The amount parameter is passed into the addShares function. In addShares, the amount...
Upgraded Q -> 2 from #463 [1682585731493]
Judge has assessed an item in Issue 463 as 2 risk. The relevant finding follows: L-08 Swapping in Reth.sol may be sub-optimal The Reth pool uses the Weth/Reth 0.05% fee pool to swap between weth and reth. I recommend using the balancer pool to swap instead as it has 80M liquidity compared to...
Swap deadline for Reth derivative cannot be specified and used for staking
Lines of code Vulnerability details Impact When calling the following Reth.deposit function, uint256 amountSwapped = swapExactInputSingleHopWETHADDRESS, rethAddress, 500, msg.value, minOut can be executed. Calling the Reth.swapExactInputSingleHop function below then calls...
Reth deposit conditionally relies on unreliable price source.
Lines of code Vulnerability details Impact Deposits are exposed to unnecessary risk by using Uni v3 Weth/Reth Pool as an oracle. It is also possible for staking to be inoperable due to over/underflow. Proof of Concept In the event of !poolCanDepositmsg.value in Reth.sol deposit, this derivative...
the depositor can get sanwich attack when call stake in SafEth and deposit in RETH
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...
Reth flashloan attack
Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...
[H-01] RETH oracle manipulation allows attacker to steal funds
Lines of code Vulnerability details Impact The Asymmetry SafEth protocol aims to help diversify and decentralize liquid staking derivatives, exchanging ether staked in the protocol for staked ether derivative tokens based on some relative weighting. A function exposed by these derivative wrapper...
Reth griefing
Lines of code Vulnerability details Impact The maximum slippage when buying rETH from the Uniswap V3 pool is calculated in Reth derivative contract by taking the current price in the Uniswap V3 pool at runtime, without taking into account the price at which the user sent the transaction to the...
Spot UniswapV3 pricing for rETH when staking in SafEth can lead to loss of user funds
Lines of code Vulnerability details Impact An attacker can craft a set of transactions so that when they are depositing funds in the SafEth contract, using the stake function, they can understate the value of existing deposits preDepositPrice value, while overstating the value of their deposit...