Lybra Finance - 0xMAKEOUTHILL's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Researcher Performance

Rank: 127/132

Findings: 1

Award: $1.32

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

1.3247 USDC - $1.32

Labels

bug
2 (Med Risk)
satisfactory
duplicate-27

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/LybraRETHVault.sol#L9-L11

Vulnerability details

Impact

The asset price won't be correct, since the function declared in the interface is wrong and doesn't even exist on the rETH token.

Proof of Concept

Whenever the price of the asset is calculated, it uses getExchangeRatio:

function getAssetPrice() public override returns (uint256) {
    return (_etherPrice() * IRETH(address(collateralAsset)).getExchangeRatio()) / 1e18;
}

However, when you look at the contract for the rETH token (0xae78736Cd615f374D3085123A210448E74Fc6393), you can see that there is no such function as getExchangeRatio:

interface IRETH {
    //@audit wrong interface function, getExchangeRate
    function getExchangeRatio() external view returns (uint256);
}

As the sponsor confirmed, the right function is getExchangeRate().
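The mismatch described above, reproduced as an added example (not code from the Lybra repository or the original submission): a cast to the wrong interface compiles, and the error only surfaces when the call is made. MockRETH, PriceReader and its functions are hypothetical names, the mock's rate is a constructed value, and the constructor probe is one possible deploy-time guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example. All contract and function names below are hypothetical.
interface IRETHWrong { function getExchangeRatio() external view returns (uint256); }
interface IRETHFixed { function getExchangeRate() external view returns (uint256); }

/// Constructed stand-in for the collateral token: it implements only
/// getExchangeRate() and has no fallback, so any other selector reverts.
contract MockRETH {
    function getExchangeRate() external pure returns (uint256) {
        return 1.07e18; // constructed sample rate, 18 decimals
    }
}

contract PriceReader {
    address public immutable collateralAsset;

    constructor(address asset) {
        // Deploy-time probe: refuse an asset that does not answer the
        // selector the pricing code depends on.
        (bool ok, bytes memory ret) = asset.staticcall(
            abi.encodeWithSelector(IRETHFixed.getExchangeRate.selector)
        );
        require(ok && ret.length == 32, "asset lacks getExchangeRate()");
        collateralAsset = asset;
    }

    /// Compiles without warnings: the compiler cannot check a cast against
    /// the deployed bytecode. Against MockRETH this call reverts.
    function priceWithWrongInterface(uint256 etherPrice) external view returns (uint256) {
        return (etherPrice * IRETHWrong(collateralAsset).getExchangeRatio()) / 1e18;
    }

    /// Same arithmetic with the selector the token actually exposes.
    /// With etherPrice = 2000e18 and the mock's rate this returns 2140e18.
    function priceWithFixedInterface(uint256 etherPrice) external view returns (uint256) {
        return (etherPrice * IRETHFixed(collateralAsset).getExchangeRate()) / 1e18;
    }
}
```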

Tools Used

Manual Audit

To receive the right asset price, you should:

interface IRETH { -- function getExchangeRatio() external view returns (uint256); ++ function getExchangeRate() external view returns (uint256); }
function getAssetPrice() public override returns (uint256) { -- return (_etherPrice() * IRETH(address(collateralAsset)).getExchangeRatio()) / 1e18; ++ return (_etherPrice() * IRETH(address(collateralAsset)).getExchangeRate()) / 1e18; }
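Review bot: in the getAssetPrice() change, the call still goes through IRETH(address(collateralAsset)), a cast to a hand-written interface that the compiler cannot check against the deployed token, which is how getExchangeRatio() went unnoticed. Alongside the rename, add a fork test that calls getAssetPrice() against the rETH token at 0xae78736Cd615f374D3085123A210448E74Fc6393, so that a selector the token does not expose fails in testing. A short comment on the `/ 1e18` line stating that the exchange rate is expected in 18 decimals would also document the scaling assumption.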

Assessed type

Other

#0 - c4-pre-sort

2023-07-08T14:42:41Z

JeffCX marked the issue as duplicate of #27

#1 - c4-judge

2023-07-28T17:15:07Z

0xean marked the issue as satisfactory
