Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 241/246
Findings: 1
Award: $0.14
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: HHK
Also found by: 019EC6E2, 0Kage, 0x52, 0xRobocop, 0xTraub, 0xbepresent, 0xepley, 0xfusion, 0xl51, 4lulz, Bahurum, BanPaleo, Bauer, CodeFoxInc, Dug, HollaDieWaldfee, IgorZuk, Lirios, MadWookie, MiloTruck, RedTiger, Ruhum, SaeedAlipoor01988, Shogoki, SunSec, ToonVH, Toshii, UdarTeam, Viktor_Cortess, a3yip6, auditor0517, aviggiano, bearonbike, bytes032, carlitox477, carrotsmuggler, chalex, deliriusz, ernestognw, fs0c, handsomegiraffe, igingu, jasonxiale, kaden, koxuan, latt1ce, m_Rassska, n1punp, nemveer, nowonder92, peanuts, pontifex, roelio, rvierdiiev, shalaamum, shuklaayush, skidog, tank, teddav, top1st, ulqiorra, wait, wen, yac
0.1353 USDC - $0.14
https://github.com/code-423n4/2023-03-asymmetry/blob/44b5cd94ebedc187a08884a7f685e950e987261c/contracts/SafEth/SafEth.sol#L91-L94
https://github.com/code-423n4/2023-03-asymmetry/blob/44b5cd94ebedc187a08884a7f685e950e987261c/contracts/SafEth/derivatives/Reth.sol#L237-L240
Users depositing into SafETH may fall victim to sandwich attacks, resulting in a total loss of funds. The victim receives 0 SafETH regardless of the deposit amount. In the worst-case scenario, the attacker can retrieve the entire sum of the victim's ETH back from the pool.
This vulnerability has two aspects. First, `poolPrice()` in Reth is vulnerable to flashloan attacks, which are partially mitigated by `maxSlippage`.
The issue emerges when the victim's funds are not routed through the Uniswap router for the swap. In this situation, the RETH tokens will be deposited into the RocketPool, and the price calculation will function correctly in most cases.
Assume that the victim's transaction amount (V) is between `(RETHPoolMaxSupply - RETHPoolCurrentSupply) / 2` and `RETHPoolMaxSupply`. In this case, the swap will go through the RocketPool, passing `maxSlippage` checks. However, because this exact victim's transaction exhausted the RocketPool's ability to accept deposits, the next SafETH's call to `RETH.ethPerDerivative()` will use the UniswapV3 Pool for price calculation, which is imbalanced due to the attacker's flashloan and returns approximately 0.
The issue is worsened by the conversion that rounds already small SQRTPrice exactly to 0. Essentially, when calling SafETH `stake()` and providing value, the victim will receive nothing in return. The funds will be distributed among SafETH stakers, with the attacker being one of them and enjoying the profit.
Foundry
`poolPrice` in RETH Derivative. Example in gist.
Attack Proof of Concept in gist. Full repo with Foundry test is available by request.
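The rounding-to-zero effect described above, modelled with Python integers as an added example (not the contract's or the submitter's code). The conversion formula, the accounting line in `value_credited_wad` and the `checked_price` guard are assumptions made for illustration; the sample pool values are constructed.

```python
import math

# Added illustration: Solidity uint256 fixed-point math modelled with Python ints.
WAD = 10**18          # 1e18 fixed-point unit
Q96 = 1 << 96         # sqrtPriceX96 of a pool priced exactly 1:1


class PriceRejected(Exception):
    """Raised when a spot price must not be used for share accounting."""


def spot_price_wad(sqrt_price_x96: int) -> int:
    """Assumed conversion: (sqrtPriceX96^2 * 1e18) >> 192, truncating."""
    if not 0 <= sqrt_price_x96 < (1 << 160):
        raise ValueError("sqrtPriceX96 must fit in uint160")
    return (sqrt_price_x96 * sqrt_price_x96 * WAD) >> 192


def min_nonzero_sqrt_price() -> int:
    """Smallest sqrtPriceX96 whose converted price is still at least 1 wei."""
    target = -(-(1 << 192) // WAD)      # ceil(2^192 / 1e18)
    root = math.isqrt(target)
    return root if root * root >= target else root + 1


def value_credited_wad(price_wad: int, amount_wad: int) -> int:
    """Assumed stake accounting: ETH value credited = price * amount / 1e18."""
    return price_wad * amount_wad // WAD


def checked_price(spot_wad: int, reference_wad: int, max_slippage_wad: int) -> int:
    """Hypothetical guard: refuse a zero or out-of-tolerance spot price."""
    if spot_wad == 0:
        raise PriceRejected("spot price truncated to zero")
    low = reference_wad * (WAD - max_slippage_wad) // WAD
    high = reference_wad * (WAD + max_slippage_wad) // WAD
    if not low <= spot_wad <= high:
        raise PriceRejected("spot price outside tolerance of reference rate")
    return spot_wad


if __name__ == "__main__":
    skewed = Q96 // 10**10              # constructed sample: heavily imbalanced pool
    print(spot_price_wad(Q96), spot_price_wad(skewed))
    print(value_credited_wad(spot_price_wad(skewed), 10 * WAD))
```

Any `sqrtPriceX96` below `min_nonzero_sqrt_price()` converts to a price of exactly 0, so a deposit valued at that price is credited nothing unless the price is checked before it is used.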
#0 - c4-pre-sort
2023-04-04T11:39:36Z
0xSorryNotSorry marked the issue as duplicate of #601
#1 - c4-judge
2023-04-21T16:11:39Z
Picodes marked the issue as duplicate of #1125
#2 - c4-judge
2023-04-21T16:14:15Z
Picodes marked the issue as satisfactory