Platform: Code4rena
Start Date: 10/11/2023
Pot Size: $28,000 USDC
Total HM: 5
Participants: 185
Period: 5 days
Judge: 0xDjango
Id: 305
League: ETH
Rank: 161/185
Findings: 1
Award: $2.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: m_Rassska
Also found by: 0x1337, 0xAadi, 0xHelium, 0xLeveler, 0xblackskull, 0xbrett8571, 0xepley, 0xffchain, 0xluckhu, 0xmystery, 0xrugpull_detector, 0xvj, ABAIKUNANBAEV, Aamir, AerialRaider, Amithuddar, Bauchibred, Bauer, CatsSecurity, Cryptor, Daniel526, Draiakoo, Eigenvectors, ElCid, GREY-HAWK-REACH, Inspecktor, Juntao, King_, LinKenji, Madalad, MaslarovK, Matin, MatricksDeCoder, McToady, Noro, PENGUN, Pechenite, Phantasmagoria, RaoulSchaffranek, SBSecurity, SandNallani, Shaheen, Soul22, Stormreckson, T1MOH, Tadev, TeamSS, TheSchnilch, Topmark, Tumelo_Crypto, Udsen, Yanchuan, ZanyBonzy, _thanos1, adeolu, adriro, alexfilippov314, almurhasan, amaechieth, anarcheuz, ayden, baice, bareli, boredpukar, bronze_pickaxe, btk, cartlex_, catellatech, chaduke, cheatc0d3, circlelooper, codynhat, crack-the-kelp, critical-or-high, debo, deepkin, desaperh, dipp, eeshenggoh, evmboi32, ge6a, gesha17, glcanvas, gumgumzum, hals, hihen, hunter_w3b, jasonxiale, joaovwfreire, ke1caM, leegh, lsaudit, marchev, merlinboii, niser93, osmanozdemir1, paritomarrr, passion, pep7siup, phoenixV110, pipidu83, poneta, ro1sharkm, rouhsamad, rvierdiiev, sakshamguruji, seerether, shealtielanz, soliditytaker, spark, squeaky_cactus, stackachu, supersizer0x, tallo, taner2344, turvy_fuzz, twcctop, ubl4nk, wisdomn_, xAriextz, zach, zhaojie, zhaojohnson, ziyou-
2.7592 USDC - $2.76
Protocol does not check whether a strategy has funds in them before changing it. This could present some issues when withdrawing funds.
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTConfig.sol#L109-L122 In Eigen Layer's deposit function, there is a check to make sure that a certain strategy is whitelisted. Kelp does not make that same check when it calls Eigen's deposit function. Therefore, there can be situations where a strategy is approved on Kelp but removed from Eigen Layer's whitelist, causing unexpected reverts
The Library in this function does not add much utility especially when it come to asset management as the constants are fixed and the admin can add new assets without using the library
None of the oracle functions in LRTOracle.sol are pauseable even though the contract inherits pauseable_init.
Admin should not be able to renounce ownership as it would break several core contract functions
if (depositAmount > getAssetCurrentLimit(asset)) { revert MaximumDepositLimitReached(); }
The deposit function will fail if it exceeds the assetdeposit limit. It uses the following calculation for the limit
lrtConfig.depositLimitByAsset(asset) - getTotalAssetDeposits(asset)
Which is derived from the function getAssetDistributionData shown below:
// Question: is here the right place to have this? Could it be in LRTConfig? assetLyingInDepositPool = IERC20(asset).balanceOf(address(this)); uint256 ndcsCount = nodeDelegatorQueue.length; for (uint256 i; i < ndcsCount;) { assetLyingInNDCs += IERC20(asset).balanceOf(nodeDelegatorQueue[i]); assetStakedInEigenLayer += INodeDelegator(nodeDelegatorQueue[i]).getAssetBalance(asset); unchecked { ++i; } }
The problem is that when calculating the limit it uses the balance of the contract as well as the node delegators. That means that a bad actor can donate just enough of the asset to cause deposits to fail
Eigen Layer strategy contracts has a deposit limit, meaning that a bad actor can front run and cause Kelp's deposit function to revert
#0 - c4-pre-sort
2023-11-18T00:47:54Z
raymondfam marked the issue as sufficient quality report
#1 - c4-judge
2023-12-01T16:30:57Z
fatherGoose1 marked the issue as grade-b