Platform: Code4rena
Start Date: 23/06/2023
Pot Size: $60,500 USDC
Total HM: 31
Participants: 132
Period: 10 days
Judge: 0xean
Total Solo HM: 10
Id: 254
League: ETH
Rank: 131/132
Findings: 1
Award: $1.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: bytes032
Also found by: 0xMAKEOUTHILL, 0xgrbr, 0xkazim, 0xnacho, Arz, Co0nan, CrypticShepherd, Cryptor, HE1M, Iurii3, LaScaloneta, LokiThe5th, LuchoLeonel1, MrPotatoMagic, Musaka, Qeew, RedTiger, SovaSlava, Toshii, Vagner, a3yip6, azhar, bart1e, devival, hl_, jnrlouis, kutugu, peanuts, pep7siup, qpzm, smaul
1.3247 USDC - $1.32
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/LybraRETHVault.sol#L47
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/LybraWbETHVault.sol#L35
The RETH and WBETH token contracts lack the exchangeRatio() function, so any deposit to these Vaults will revert. This omission can have significant consequences for users interacting with these contracts.
Regarding RETH, the provided interface for RocketTokenRETHInterface.sol does not include the required function. Instead, the smart contract should call the getEthValue() function. You can find the interface code at the following location: https://github.com/rocket-pool/rocketpool/blob/master/contracts/interface/token/RocketTokenRETHInterface.sol#L8
For WBETH, no open source documentation or GitHub repository was found. However, you can verify the code on Etherscan by referring to the provided address: 0x523177fbe442afb70b401d06bb11ec7b8684ecee (proxyContract). The relevant file to inspect is StakedTokenV1.sol#L256.
Manual Review
To address the issues identified, the following mitigation steps are recommended:
For LybraRETHVault.sol:
Modify the IRETH interface to include the getEthValue() function:
interface IRETH {
    function getEthValue(uint256 _rethAmount) external view returns (uint256);
}
Update the getAssetPrice() function in LybraRETHVault.sol as follows:
function getAssetPrice() public override returns (uint256) {
    return (_etherPrice() * IRETH(address(collateralAsset)).getEthValue(1e18)) / 1e18;
}
For WBETH using the address 0xa2E3356610840701BDf5611a53974510Ae27E2e1:
Change exchangeRatio to exchangeRate in the IWBETH interface:
interface IWBETH {
    function exchangeRate() external view returns (uint256);
    function deposit(address referral) external payable;
}
Modify the getAssetPrice() function in LybraRETHVault.sol accordingly:
function getAssetPrice() public override returns (uint256) {
    return (_etherPrice() * IWBETH(address(collateralAsset)).exchangeRate()) / 1e18;
}
Note that, while inspecting the WBETH contract, it was observed that the exchangeRate value is derived from an off-chain oracle update, likely sourced from Binance. This should be taken into account, and the function should be used with caution.
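The revert and the rETH fix described above, as an added Solidity example that is not part of the original submission or of Lybra's code. MockRETH, PriceProbe and the constant values are hypothetical stand-ins; the mock exposes only getEthValue(), as the report describes for rETH.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example. MockRETH, PriceProbe and ETHER_PRICE are hypothetical stand-ins,
// not Lybra or Rocket Pool code; the rate and price are constructed sample values.

// Function the report says the vault expects but the token does not implement.
interface IRatioToken {
    function exchangeRatio() external view returns (uint256);
}

// Interface from the recommended mitigation for rETH.
interface IRETH {
    function getEthValue(uint256 _rethAmount) external view returns (uint256);
}

// Mock token exposing only getEthValue(); no fallback, so other selectors revert.
contract MockRETH {
    uint256 private constant RATE = 1.07e18; // constructed: 1 rETH = 1.07 ETH

    function getEthValue(uint256 _rethAmount) external pure returns (uint256) {
        return (_rethAmount * RATE) / 1e18;
    }
}

contract PriceProbe {
    uint256 private constant ETHER_PRICE = 1800e18; // constructed stand-in for _etherPrice()

    // Price read through the missing function: the external call reverts.
    function priceViaExchangeRatio(address token) public view returns (bool ok, uint256 price) {
        try IRatioToken(token).exchangeRatio() returns (uint256 ratio) {
            return (true, (ETHER_PRICE * ratio) / 1e18);
        } catch {
            return (false, 0);
        }
    }

    // Price read as in the recommended getAssetPrice() for the rETH vault.
    function priceViaGetEthValue(address token) public view returns (uint256) {
        return (ETHER_PRICE * IRETH(token).getEthValue(1e18)) / 1e18;
    }

    // Deploys the mock and runs both paths against it.
    function demo() external returns (bool oldPathOk, uint256 fixedPrice) {
        address token = address(new MockRETH());
        (oldPathOk, ) = priceViaExchangeRatio(token);
        fixedPrice = priceViaGetEthValue(token);
    }
}
```

In the vault itself the call is not wrapped in try/catch, so the same selector mismatch propagates as a revert of the whole transaction instead of returning false.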
Error
#0 - c4-pre-sort
2023-07-08T14:27:22Z
JeffCX marked the issue as duplicate of #27
#1 - c4-judge
2023-07-28T17:14:12Z
0xean changed the severity to 2 (Med Risk)
#2 - c4-judge
2023-07-28T17:15:33Z
0xean marked the issue as satisfactory