Platform: Code4rena
Start Date: 10/11/2023
Pot Size: $28,000 USDC
Total HM: 5
Participants: 185
Period: 5 days
Judge: 0xDjango
Id: 305
League: ETH
Rank: 167/185
Findings: 1
Award: $2.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: m_Rassska
Also found by: 0x1337, 0xAadi, 0xHelium, 0xLeveler, 0xblackskull, 0xbrett8571, 0xepley, 0xffchain, 0xluckhu, 0xmystery, 0xrugpull_detector, 0xvj, ABAIKUNANBAEV, Aamir, AerialRaider, Amithuddar, Bauchibred, Bauer, CatsSecurity, Cryptor, Daniel526, Draiakoo, Eigenvectors, ElCid, GREY-HAWK-REACH, Inspecktor, Juntao, King_, LinKenji, Madalad, MaslarovK, Matin, MatricksDeCoder, McToady, Noro, PENGUN, Pechenite, Phantasmagoria, RaoulSchaffranek, SBSecurity, SandNallani, Shaheen, Soul22, Stormreckson, T1MOH, Tadev, TeamSS, TheSchnilch, Topmark, Tumelo_Crypto, Udsen, Yanchuan, ZanyBonzy, _thanos1, adeolu, adriro, alexfilippov314, almurhasan, amaechieth, anarcheuz, ayden, baice, bareli, boredpukar, bronze_pickaxe, btk, cartlex_, catellatech, chaduke, cheatc0d3, circlelooper, codynhat, crack-the-kelp, critical-or-high, debo, deepkin, desaperh, dipp, eeshenggoh, evmboi32, ge6a, gesha17, glcanvas, gumgumzum, hals, hihen, hunter_w3b, jasonxiale, joaovwfreire, ke1caM, leegh, lsaudit, marchev, merlinboii, niser93, osmanozdemir1, paritomarrr, passion, pep7siup, phoenixV110, pipidu83, poneta, ro1sharkm, rouhsamad, rvierdiiev, sakshamguruji, seerether, shealtielanz, soliditytaker, spark, squeaky_cactus, stackachu, supersizer0x, tallo, taner2344, turvy_fuzz, twcctop, ubl4nk, wisdomn_, xAriextz, zach, zhaojie, zhaojohnson, ziyou-
2.7592 USDC - $2.76
https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTDepositPool.sol#L162
The function addNodeDelegatorContractToQueue doesn't check that any of the addresses to be added to nodeDelegatorQueue are unique, meaning the same address could be mistakenly added to the queue multiple times. This would lead to incorrect accounting when calling getTotalAssetDeposits as the asset balance of a contract would be counted twice. This in turn would lead to the rsETH price being returned by getRSETHPrice being too high. This means that any users who deposit into the protocol afterward the issue would receive less than their fair share of rsETH while prior depositors would be able to redeem their rsETH for more than their fair share of assets.
On top of this there is no way for the admins to remove a mistaken address from the nodeDelegatorQueue array so the contract would have to e redeployed to resolve the issue.
addNodeDelegatorContractToQueue already has a non zero address check so it's recommended that a check is added to ensure an address being added isn't already in the nodeDelegatorQueue array. This could be done by adding a state variable mapping (address => bool) public isNodeDelegatorContract that is then checked and assigned in addNodeDelegatorContractToQueue.
Invalid Validation
#0 - c4-pre-sort
2023-11-16T07:36:47Z
raymondfam marked the issue as insufficient quality report
#1 - c4-pre-sort
2023-11-16T07:36:54Z
raymondfam marked the issue as duplicate of #36
#2 - c4-judge
2023-11-29T21:35:51Z
fatherGoose1 changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-11-29T21:43:30Z
fatherGoose1 marked the issue as grade-b