Platform: Code4rena
Start Date: 10/11/2023
Pot Size: $28,000 USDC
Total HM: 5
Participants: 185
Period: 5 days
Judge: 0xDjango
Id: 305
League: ETH
Rank: 157/185
Findings: 1
Award: $2.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: m_Rassska
Also found by: 0x1337, 0xAadi, 0xHelium, 0xLeveler, 0xblackskull, 0xbrett8571, 0xepley, 0xffchain, 0xluckhu, 0xmystery, 0xrugpull_detector, 0xvj, ABAIKUNANBAEV, Aamir, AerialRaider, Amithuddar, Bauchibred, Bauer, CatsSecurity, Cryptor, Daniel526, Draiakoo, Eigenvectors, ElCid, GREY-HAWK-REACH, Inspecktor, Juntao, King_, LinKenji, Madalad, MaslarovK, Matin, MatricksDeCoder, McToady, Noro, PENGUN, Pechenite, Phantasmagoria, RaoulSchaffranek, SBSecurity, SandNallani, Shaheen, Soul22, Stormreckson, T1MOH, Tadev, TeamSS, TheSchnilch, Topmark, Tumelo_Crypto, Udsen, Yanchuan, ZanyBonzy, _thanos1, adeolu, adriro, alexfilippov314, almurhasan, amaechieth, anarcheuz, ayden, baice, bareli, boredpukar, bronze_pickaxe, btk, cartlex_, catellatech, chaduke, cheatc0d3, circlelooper, codynhat, crack-the-kelp, critical-or-high, debo, deepkin, desaperh, dipp, eeshenggoh, evmboi32, ge6a, gesha17, glcanvas, gumgumzum, hals, hihen, hunter_w3b, jasonxiale, joaovwfreire, ke1caM, leegh, lsaudit, marchev, merlinboii, niser93, osmanozdemir1, paritomarrr, passion, pep7siup, phoenixV110, pipidu83, poneta, ro1sharkm, rouhsamad, rvierdiiev, sakshamguruji, seerether, shealtielanz, soliditytaker, spark, squeaky_cactus, stackachu, supersizer0x, tallo, taner2344, turvy_fuzz, twcctop, ubl4nk, wisdomn_, xAriextz, zach, zhaojie, zhaojohnson, ziyou-
2.7592 USDC - $2.76
Calling latestAnswer() on the chainlink aggregator can potentially revert in some cases leading to Denial of service in certain aspects of the protocol
https://blog.openzeppelin.com/secure-smart-contract-guidelines-the-dangers-of-price-oracles mentions that "it is possible that Chainlink’s multisigs can immediately block access to price feeds at will”. When this occurs, executing return AggregatorInterface(assetPriceFeed[asset]).latestAnswer(); in the getAssetPrice function will revert causing the getRsETHAmountToMint and subsequently the _mintRsETH functions to fail, making users unable to rSethTokens
Manual Review
Wrap the return AggregatorInterface(assetPriceFeed[asset]).latestAnswer() block in the getAssetPrice function in a try catch block to handle possible unexpected oracle reverts
DoS
#0 - c4-pre-sort
2023-11-16T04:07:05Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-11-16T04:07:12Z
raymondfam marked the issue as duplicate of #32
#2 - c4-pre-sort
2023-11-17T05:22:34Z
raymondfam marked the issue as not a duplicate
#3 - c4-pre-sort
2023-11-17T05:22:48Z
raymondfam marked the issue as duplicate of #878
#4 - c4-pre-sort
2023-11-17T07:34:08Z
raymondfam marked the issue as duplicate of #723
#5 - c4-judge
2023-12-01T17:38:31Z
fatherGoose1 changed the severity to QA (Quality Assurance)
#6 - c4-judge
2023-12-01T18:42:43Z
fatherGoose1 marked the issue as grade-b