Renzo - 0xPwned's results

A protocol that abstracts all staking complexity from the end-user and enables easy collaboration with EigenLayer node operators and Actively Validated Services (AVSs).

General Information

Platform: Code4rena

Start Date: 30/04/2024

Pot Size: $112,500 USDC

Total HM: 22

Participants: 122

Period: 8 days

Judge: alcueca

Total Solo HM: 1

Id: 372

League: ETH

Renzo

Findings Distribution

Researcher Performance

Rank: 108/122

Findings: 1

Award: $0.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/RestakeManager.sol#L316-L321

Vulnerability details

Impact

Passing the wrong collateral tokens percentage to withdrawal calculations in the provided code can lead to inaccurate TVL (Total Value Locked) calculations. This discrepancy arises from using incorrect token balances when computing TVLs for operator delegators.

Specifically, the issue occurs when recording the token value of the withdrawal queue (withdrawQueue). In the loop iterating through the collateral tokens, the code mistakenly references collateralTokens[i] instead of collateralTokens[j] when calculating the token value for the withdrawal queue. This results in the wrong token balance being fetched for TVL computation, potentially skewing the overall TVL calculation for the protocol.

Tools Used

Manual Review

Replace the i index with the j index for the collateral token.

Assessed type

Loop
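The index mix-up described under Impact, as an added example: this is a simplified Python model, not code from RestakeManager.sol or from the submission. The token names, prices, balances, operator delegator names and the "queue is counted once" behaviour are assumptions made for illustration, as is the split where the priced token is chosen with i and the balance with j.

```python
# Added illustration: a simplified Python model, not the RestakeManager.sol source.
# Token names, prices and balances are constructed sample values.
PRICES = {"TOKEN_A": 3000, "TOKEN_B": 2000}     # hypothetical oracle price per unit
COLLATERAL_TOKENS = ["TOKEN_A", "TOKEN_B"]
QUEUE_BALANCES = {"TOKEN_A": 10, "TOKEN_B": 4}  # units held by the withdraw queue


def lookup_token_value(token, balance):
    """Stand-in for an oracle lookup: price of `token` times `balance`."""
    return PRICES[token] * balance


def withdraw_queue_value(operator_delegators, index_with_j):
    """Value of the withdraw queue as computed inside the TVL loops.

    Outer loop (i): operator delegators. Inner loop (j): collateral tokens.
    Assumption: the queue is counted once, during the first outer iteration.
    """
    total = 0
    recorded = False
    for i in range(len(operator_delegators)):
        for j in range(len(COLLATERAL_TOKENS)):
            if recorded:
                continue
            balance = QUEUE_BALANCES[COLLATERAL_TOKENS[j]]
            # Assumed shape of the bug: price token chosen with i, balance with j.
            price_token = COLLATERAL_TOKENS[j] if index_with_j else COLLATERAL_TOKENS[i]
            total += lookup_token_value(price_token, balance)
        recorded = True
    return total


def reference_value():
    """Independent per-token sum, usable as a test oracle for the loop."""
    return sum(lookup_token_value(t, b) for t, b in QUEUE_BALANCES.items())


if __name__ == "__main__":
    ods = ["od_1", "od_2"]  # hypothetical operator delegators
    print("with i index:", withdraw_queue_value(ods, index_with_j=False))
    print("with j index:", withdraw_queue_value(ods, index_with_j=True))
    print("reference   :", reference_value())
```

Comparing the loop result against an independent per-token sum, with tokens that have different prices, is the kind of test that exposes this class of index error; with equal prices the two indexes give the same total and the bug stays hidden.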

#0 - c4-judge

2024-05-16T10:38:09Z

alcueca marked the issue as satisfactory

#1 - c4-judge

2024-05-16T10:39:08Z

alcueca changed the severity to 3 (High Risk)

#2 - c4-judge

2024-05-20T04:26:26Z

alcueca changed the severity to 2 (Med Risk)

#3 - c4-judge

2024-05-23T13:47:21Z

alcueca changed the severity to 3 (High Risk)
