Lucene search
K

16 matches found

Code423n4
Code423n4
added 2023/07/03 12:0 a.m.9 views

Getting exchange rate function is wrong

Lines of code Vulnerability details Impact Unmatched function for getting the exchange rate can lead to being unable to mint PeUSD when depositing ETH into Rocket Pool. Proof of Concept The interface used in LybraRETHVault.sol for getting the exchange rate does not match the target contract RETH...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Chainlink price feed responses are not validated

NEW ISSUE - MITIGATION IS NOT CONFIRMED NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Mitigation of M-08: Issue NOT mitigated

Mitigated issue M-08: Possible DoS on unstake The issue is that a potential time-lock in Rocket Pool may cause RocketTokenRETHInterfacerethAddress.burnamount to revert, which prevents frequent withdrawals and unstakes. Mitigation review Reth.withdraw still calls...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Mitigation of M-08: Issue not mitigated

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-08: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings685 Comments First, there is a clear error in the associated description of mitigation: "Use Chainlink to get rETH". Using Chainlink to obtain the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.7 views

Mitigation Confirmed for M-01

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-01: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings1078 Comments While the "division before multiplication" issues described in M-01 have been mitigated in the proposed changeset, there are other case...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.13 views

Mitigation of M-05: Issue not mitigated, mitigation errors

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-05: Issue not mitigated, mitigation errors Link to Issue: code-423n4/2023-03-asymmetry-findings812 Comments The issue describes missing checks associated with staking requirements for the WstEth and Reth derivative. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.8 views

Mitigation of M-06: See comments

Mitigation of M-06: See comments Link to Issue: code-423n4/2023-03-asymmetry-findings770 Comments Sponsor decided not to mitigate the issue with the following comment: This is as expected I agree that the issue is TOO broad and some of the described scenarios don't make sense at all e.g. the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.10 views

Assuming a 1-1 peg of Liquid Staked Tokens like stETH and rETH to ETH is dangerous

Lines of code Vulnerability details Impact The price of ETH staking derivatives may not be pegged 1-1 to ETH which affect staking conditions. Proof of Concept To stake eth, a user calls depositBeaconChainETH. The amount parameter is passed into the addShares function. In addShares, the amount...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/27 12:0 a.m.12 views

Upgraded Q -> 2 from #463 [1682585731493]

Judge has assessed an item in Issue 463 as 2 risk. The relevant finding follows: L-08 Swapping in Reth.sol may be sub-optimal The Reth pool uses the Weth/Reth 0.05% fee pool to swap between weth and reth. I recommend using the balancer pool to swap instead as it has 80M liquidity compared to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.8 views

Swap deadline for Reth derivative cannot be specified and used for staking

Lines of code Vulnerability details Impact When calling the following Reth.deposit function, uint256 amountSwapped = swapExactInputSingleHopWETHADDRESS, rethAddress, 500, msg.value, minOut can be executed. Calling the Reth.swapExactInputSingleHop function below then calls...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

Reth deposit conditionally relies on unreliable price source.

Lines of code Vulnerability details Impact Deposits are exposed to unnecessary risk by using Uni v3 Weth/Reth Pool as an oracle. It is also possible for staking to be inoperable due to over/underflow. Proof of Concept In the event of !poolCanDepositmsg.value in Reth.sol deposit, this derivative...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

the depositor can get sanwich attack when call stake in SafEth and deposit in RETH

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.11 views

Reth flashloan attack

Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.15 views

[H-01] RETH oracle manipulation allows attacker to steal funds

Lines of code Vulnerability details Impact The Asymmetry SafEth protocol aims to help diversify and decentralize liquid staking derivatives, exchanging ether staked in the protocol for staked ether derivative tokens based on some relative weighting. A function exposed by these derivative wrapper...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.11 views

Reth griefing

Lines of code Vulnerability details Impact The maximum slippage when buying rETH from the Uniswap V3 pool is calculated in Reth derivative contract by taking the current price in the Uniswap V3 pool at runtime, without taking into account the price at which the user sent the transaction to the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.11 views

Spot UniswapV3 pricing for rETH when staking in SafEth can lead to loss of user funds

Lines of code Vulnerability details Impact An attacker can craft a set of transactions so that when they are depositing funds in the SafEth contract, using the stake function, they can understate the value of existing deposits preDepositPrice value, while overstating the value of their deposit...

6.8AI score
Exploits0
Rows per page
Query Builder