Renzo - Bigsam's results

A protocol that abstracts all staking complexity from the end-user and enables easy collaboration with EigenLayer node operators and Actively Validated Services (AVSs).

General Information

Platform: Code4rena

Start Date: 30/04/2024

Pot Size: $112,500 USDC

Total HM: 22

Participants: 122

Period: 8 days

Judge: alcueca

Total Solo HM: 1

Id: 372

League: ETH

Researcher Performance

Rank: 46/122

Findings: 1

Award: $18.20

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

18.1958 USDC - $18.20

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
sufficient quality report
edited-by-warden
:robot:_28_group
duplicate-103

External Links

Lines of code

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/RestakeManager.sol#L243-L259
https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/RestakeManager.sol#L294-L326
https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/RestakeManager.sol#L564-L569
https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Oracle/RenzoOracle.sol#L123-L149
https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Oracle/RenzoOracle.sol#L152-L163

Vulnerability details

Impact

The removeCollateralToken function does not check if deposited tokens in the removed collateral token are still present, potentially leading to a denial of service for users attempting to withdraw their tokens. This oversight can result in an increase in minted tokens beyond what should be minted and redemption of fewer tokens than a user would have received before the token was removed. Additionally, the removal of a collateral token affects Total Value Locked (TVL) calculations, as the total TVL decreases without accounting for the collateral tokens in the vault. This discrepancy between TVL and the actual value of EZETH tokens can cause users who mint at that particular time to receive more tokens than they should, as the TVL total is not accurately reflected.

Proof of Concept

    // Calculate how much ezETH to mint
    uint256 ezETHToMint = renzoOracle.calculateMintAmount(
        totalTVL,
        msg.value,
        ezETH.totalSupply()
    );

    // Mint the ezETH
    ezETH.mint(msg.sender, ezETHToMint);

Let's illustrate the impact with some numbers:

  • Before the removal, suppose:
    • Total TVL = 900 (after the token is removed, with the removed token's TVL being 100, the TVL becomes 800)
    • Value = 100
    • EZETH total supply = 900

    function calculateMintAmount(
        uint256 _currentValueInProtocol,
        uint256 _newValueAdded,
        uint256 _existingEzETHSupply
    ) external pure returns (uint256) {
        // For first mint, just return the new value added.
        // Checking both current value and existing supply to guard against gaming the initial mint
        if (_currentValueInProtocol == 0 || _existingEzETHSupply == 0) {
            return _newValueAdded; // value is priced in base units, so divide by scale factor
        }

        // Calculate the percentage of value after the deposit
        uint256 inflationPercentaage = (SCALE_FACTOR * _newValueAdded) /
            (_currentValueInProtocol + _newValueAdded);

        // Calculate the new supply
        uint256 newEzETHSupply = (_existingEzETHSupply * SCALE_FACTOR) /
            (SCALE_FACTOR - inflationPercentaage);

        // Subtract the old supply from the new supply to get the amount to mint
        uint256 mintAmount = newEzETHSupply - _existingEzETHSupply;

        return mintAmount;
    }

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Oracle/RenzoOracle.sol#L123-L149

Without impact:

  1. Inflation percentage = (1e18 * 100) / (900 + 100) = 0.1 * 1e18
  2. New ETH total = (900 * 1e18) / (1e18 - 0.1e18) = 1000
  3. Minted tokens = 1000 - 900 = 100

With impact:

  1. Inflation percentage = (1e18 * 900) / (1e18 - 0.11e18) =
  2. New ETH total = (800 * 1e18) / (1e18 - 0.1e18) = 1011
  3. Minted tokens = 1011 - 900 = 111

For redemption:

function calculateRedeemAmount(
    uint256 _ezETHBeingBurned,
    uint256 _existingEzETHSupply,
    uint256 _currentValueInProtocol
) external pure returns (uint256) {
    // This is just returning the percentage of TVL that matches the percentage of ezETH being burned
    uint256 redeemAmount = (_currentValueInProtocol * _ezETHBeingBurned) / _existingEzETHSupply;

    // Sanity check
    if (redeemAmount == 0) revert("Invalid token amount");

    return redeemAmount;
}

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Oracle/RenzoOracle.sol#L152-L163

  • Without impact: Redeem = (900 * 100) / 900 = 100
  • With impact: Redeem = (800 * 100) / 900 = 88

Tools Used

Manual code analysis

Recommended Mitigation Steps

Prevent the admin from removing a collateral token if there are still tokens available in it, or trigger a withdrawal of all funds in the token, ensuring the corresponding EZETH is burnt and users can decide to restake using another allowed token.

Assessed type

Error
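
Added example, not part of the warden's submission or Renzo's code: a Python model of the two RenzoOracle formulas quoted above, run with 18-decimal amounts on the finding's scenario (TVL 900, removed token worth 100, deposit 100, supply 900), plus a removal guard of the kind the mitigation describes. `CollateralRegistry`, its method names and the token names are assumptions made for illustration.

```python
SCALE_FACTOR = 10**18
ETHER = 10**18  # amounts use 18 decimals, as on-chain

def calculate_mint_amount(current_value, new_value, existing_supply):
    """Mirrors calculateMintAmount, with Solidity-style floor division."""
    if current_value == 0 or existing_supply == 0:
        return new_value
    inflation = (SCALE_FACTOR * new_value) // (current_value + new_value)
    new_supply = (existing_supply * SCALE_FACTOR) // (SCALE_FACTOR - inflation)
    return new_supply - existing_supply

def calculate_redeem_amount(burned, existing_supply, current_value):
    """Mirrors calculateRedeemAmount: pro-rata share of the reported TVL."""
    amount = (current_value * burned) // existing_supply
    if amount == 0:
        raise ValueError("Invalid token amount")
    return amount

class CollateralRegistry:
    """Hypothetical registry: TVL only counts tokens that are still listed."""
    def __init__(self, balances):
        self.balances = dict(balances)  # token -> value held, in ETH terms
        self.listed = set(balances)

    def total_tvl(self):
        return sum(v for t, v in self.balances.items() if t in self.listed)

    def remove_unchecked(self, token):
        # Behaviour described in the finding: no check for remaining deposits.
        self.listed.discard(token)

    def remove_guarded(self, token):
        # Mitigation sketch: refuse removal while the token still backs ezETH.
        if self.balances.get(token, 0) > 0:
            raise RuntimeError("collateral still deposited")
        self.listed.discard(token)

def scenario():
    """Constructed balances matching the finding's numbers."""
    reg = CollateralRegistry({"tokenA": 800 * ETHER, "tokenB": 100 * ETHER})
    supply, deposit = 900 * ETHER, 100 * ETHER
    def quote():
        tvl = reg.total_tvl()
        return (calculate_mint_amount(tvl, deposit, supply),
                calculate_redeem_amount(deposit, supply, tvl))
    before = quote()
    reg.remove_unchecked("tokenB")
    return before, quote()
```

`scenario()` returns the (mint, redeem) quotes before and after the unchecked removal; `remove_guarded` raises instead of letting the TVL drop while deposits remain.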

#0 - c4-judge

2024-05-17T14:00:31Z

alcueca marked the issue as not a duplicate

#1 - c4-judge

2024-05-17T14:00:40Z

alcueca marked the issue as duplicate of #464

#2 - c4-judge

2024-05-17T14:03:49Z

alcueca changed the severity to 3 (High Risk)

#3 - c4-judge

2024-05-17T14:04:08Z

alcueca marked the issue as duplicate of #97

#4 - c4-judge

2024-05-17T14:05:46Z

alcueca marked the issue as unsatisfactory: Invalid

#5 - c4-judge

2024-05-20T04:34:14Z

alcueca changed the severity to 2 (Med Risk)

#6 - c4-judge

2024-05-20T04:41:21Z

alcueca marked the issue as satisfactory
