Platform: Code4rena
Start Date: 10/11/2023
Pot Size: $28,000 USDC
Total HM: 5
Participants: 185
Period: 5 days
Judge: 0xDjango
Id: 305
League: ETH
Rank: 155/185
Findings: 1
Award: $2.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: m_Rassska
Also found by: 0x1337, 0xAadi, 0xHelium, 0xLeveler, 0xblackskull, 0xbrett8571, 0xepley, 0xffchain, 0xluckhu, 0xmystery, 0xrugpull_detector, 0xvj, ABAIKUNANBAEV, Aamir, AerialRaider, Amithuddar, Bauchibred, Bauer, CatsSecurity, Cryptor, Daniel526, Draiakoo, Eigenvectors, ElCid, GREY-HAWK-REACH, Inspecktor, Juntao, King_, LinKenji, Madalad, MaslarovK, Matin, MatricksDeCoder, McToady, Noro, PENGUN, Pechenite, Phantasmagoria, RaoulSchaffranek, SBSecurity, SandNallani, Shaheen, Soul22, Stormreckson, T1MOH, Tadev, TeamSS, TheSchnilch, Topmark, Tumelo_Crypto, Udsen, Yanchuan, ZanyBonzy, _thanos1, adeolu, adriro, alexfilippov314, almurhasan, amaechieth, anarcheuz, ayden, baice, bareli, boredpukar, bronze_pickaxe, btk, cartlex_, catellatech, chaduke, cheatc0d3, circlelooper, codynhat, crack-the-kelp, critical-or-high, debo, deepkin, desaperh, dipp, eeshenggoh, evmboi32, ge6a, gesha17, glcanvas, gumgumzum, hals, hihen, hunter_w3b, jasonxiale, joaovwfreire, ke1caM, leegh, lsaudit, marchev, merlinboii, niser93, osmanozdemir1, paritomarrr, passion, pep7siup, phoenixV110, pipidu83, poneta, ro1sharkm, rouhsamad, rvierdiiev, sakshamguruji, seerether, shealtielanz, soliditytaker, spark, squeaky_cactus, stackachu, supersizer0x, tallo, taner2344, turvy_fuzz, twcctop, ubl4nk, wisdomn_, xAriextz, zach, zhaojie, zhaojohnson, ziyou-
2.7592 USDC - $2.76
https://github.com/code-423n4/2023-11-kelp/blob/main/src/RSETH.sol#L47 https://github.com/code-423n4/2023-11-kelp/blob/main/src/NodeDelegator.sol#L51
Funds received from users deposits in LRTDepositPool are then transfered to NodeDelegator to delegate them to EigenLayer in order to generate yield . The problem here is that there is not a way to increase users RSETH balance or minting new tokens to users when a new yield is generated .
Users will not get yield generated by their funds in EigenLayer .
LRTDepositPool is the only to have MINTER_ROLE to mint new RSETH, but it does’t have a function to mint to users when they generated yield , it only mints when they deposit . Also RSETH balanceOf() function can’t be manipulated to increase the users balance when they generate yield .
Manual Review
increase users RSETH balance when their deposits generate yield from EigenLayer .
Other
#0 - c4-pre-sort
2023-11-16T03:44:21Z
raymondfam marked the issue as insufficient quality report
#1 - c4-pre-sort
2023-11-16T03:44:34Z
raymondfam marked the issue as duplicate of #43
#2 - c4-pre-sort
2023-11-16T22:01:25Z
raymondfam marked the issue as not a duplicate
#3 - c4-pre-sort
2023-11-16T22:01:37Z
raymondfam marked the issue as duplicate of #709
#4 - c4-pre-sort
2023-11-17T22:28:09Z
raymondfam marked the issue as duplicate of #294
#5 - c4-pre-sort
2023-11-17T22:28:37Z
raymondfam marked the issue as sufficient quality report
#6 - c4-judge
2023-12-01T17:41:33Z
fatherGoose1 marked the issue as unsatisfactory: Invalid
#7 - c4-judge
2023-12-06T18:19:18Z
fatherGoose1 changed the severity to QA (Quality Assurance)
#8 - c4-judge
2023-12-08T18:52:40Z
fatherGoose1 marked the issue as grade-b