Back to 8olidity's contests

Lybra Finance - 8olidity's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Lybra Finance

Findings Distribution

Researcher Performance

Rank: 116/132

Findings: 1

Award: $9.93

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLybra Finance

Findings Information

🌟 Selected for report: 0xnev

Also found by: 0xRobocop, 0xbrett8571, 0xkazim, 0xnacho, 3agle, 8olidity, ABAIKUNANBAEV, Bauchibred, Co0nan, CrypticShepherd, D_Auditor, DelerRH, HE1M, Iurii3, Kaysoft, MrPotatoMagic, RedOneN, RedTiger, Rolezn, SanketKogekar, Sathish9098, Timenov, Toshii, Vagner, bart1e, bytes032, codetilda, devival, halden, hals, kutugu, m_Rassska, naman1778, nonseodion, seth_lawson, solsaver, squeaky_cactus, totomanov, y51r, yudan, zaevlad

Awards

9.931 USDC - $9.93

Labels

bug
grade-b
QA (Quality Assurance)
sponsor acknowledged
edited-by-warden
Q-39

External Links

Link to GitHub issue

depositEtherToMint() code redundancy

Since the depositEtherToMint() function stores eth, the value of collateralAsset.balanceOf(address(this)) will not change, but the code judges the balance of collateralAsset before and after the deposit operation, which is redundant code

function depositEtherToMint(uint256 mintAmount) external payable override {
    require(msg.value >= 1 ether, "DNL");
    uint256 preBalance = collateralAsset.balanceOf(address(this));
    rkPool.deposit{value: msg.value}();
    uint256 balance = collateralAsset.balanceOf(address(this));
    depositedAsset[msg.sender] += balance - preBalance;//@audit 

    if (mintAmount > 0) {
        _mintPeUSD(msg.sender, msg.sender, mintAmount, getAssetPrice());
    }

    emit DepositEther(msg.sender, address(collateralAsset), msg.value,balance - preBalance, block.timestamp);
}
function depositEtherToMint(uint256 mintAmount) external payable override {
    require(msg.value >= 1 ether, "DNL");
-    uint256 preBalance = collateralAsset.balanceOf(address(this));
    rkPool.deposit{value: msg.value}();
-   uint256 balance = collateralAsset.balanceOf(address(this));
-    depositedAsset[msg.sender] += balance - preBalance;//@audit 

    if (mintAmount > 0) {
        _mintPeUSD(msg.sender, msg.sender, mintAmount, getAssetPrice());
    }

    emit DepositEther(msg.sender, address(collateralAsset), msg.value,balance - preBalance, block.timestamp);
}

The function does not exist in the WBETH interface

The LybraWBETHVault contract comment wrote that the WBETH address is 0xae78736Cd615f374D3085123A210448E74Fc6393 , but in the https://etherscan.io/address/0xae78736cd615f374d3085123a210448e74fc6393#readContract , the contract does not have the deposit and exchangeRatio functions written in the interface.

interface IWBETH {
    function exchangeRatio() external view returns (uint256);

    function deposit(address referral) external payable;
}

contract LybraWBETHVault is LybraPeUSDVaultBase {
    //WBETH = 0xae78736Cd615f374D3085123A210448E74Fc6393

Annotation error or interface error

#0 - JeffCX

2023-07-27T16:48:18Z

The function does not exist in the WBETH interface

duplicate of #27

#1 - c4-judge

2023-07-28T00:07:30Z

0xean marked the issue as grade-b

#2 - c4-sponsor

2023-07-29T11:16:52Z

LybraFinance marked the issue as sponsor acknowledged

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter