Asymmetry contest - Parad0x's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Findings Distribution

Researcher Performance

Rank: 73/246

Findings: 2

Award: $70.11

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

29.4683 USDC - $29.47

Labels

bug
3 (High Risk)
low quality report
partial-50
upgraded by judge
duplicate-703

External Links

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/44b5cd94ebedc187a08884a7f685e950e987261c/contracts/SafEth/SafEth.sol#L182-L195

Vulnerability details

Impact

If the administrator registers a derivative with an incorrect contract address, most of the other functions will fail and user funds will be lost.

Proof of Concept

A. The administrator plans to use the addDerivative function to introduce a new derivative.

B. Intending to use a specific contract address, the administrator mistakenly types a different one.

C. As a result, a derivative with an incorrect contract address is created.

D. Subsequently, when the administrator tries to modify the weights via the rebalanceToWeights function, the call fails because the incorrect derivative has no balance to read.

E. For the same underlying reason, users cannot stake or unstake.

Tools Used

Manual Review.

Recommended Mitigation Steps

The admin should be able to remove a derivative.
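An added illustration of the mitigation, not the project's own code: the contract, its error names and the removeDerivative function are hypothetical, and the IDerivative interface is modelled only on the balance() and ethPerDerivative() calls the report mentions. It shows two defensive layers: addDerivative refuses an address that holds no code or does not answer the view calls every later operation depends on, and removeDerivative gives the admin a recovery path for an entry that slipped through, while refusing to drop a working derivative that still holds funds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical interface: only the two view calls the report refers to.
interface IDerivative {
    function balance() external view returns (uint256);
    function ethPerDerivative(uint256 _amount) external view returns (uint256);
}

contract DerivativeRegistry {
    address public immutable owner;

    IDerivative[] public derivatives;
    uint256[] public weights;
    uint256 public totalWeight;

    event DerivativeAdded(address indexed derivative, uint256 weight);
    event DerivativeRemoved(address indexed derivative, uint256 index);

    error NotOwner();
    error NotAContract(address candidate);
    error NotADerivative(address candidate);
    error IndexOutOfRange(uint256 index);
    error DerivativeHoldsFunds(address derivative, uint256 balance);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Validate before trusting the address: it must hold code and answer the
    // calls that rebalanceToWeights, stake and unstake will later rely on.
    function addDerivative(address _derivative, uint256 _weight) external onlyOwner {
        if (_derivative.code.length == 0) revert NotAContract(_derivative);
        try IDerivative(_derivative).balance() returns (uint256) {
            // responds to balance()
        } catch {
            revert NotADerivative(_derivative);
        }
        try IDerivative(_derivative).ethPerDerivative(1e18) returns (uint256) {
            // responds to ethPerDerivative()
        } catch {
            revert NotADerivative(_derivative);
        }
        derivatives.push(IDerivative(_derivative));
        weights.push(_weight);
        totalWeight += _weight;
        emit DerivativeAdded(_derivative, _weight);
    }

    // Recovery path the report asks for: swap-and-pop the entry so a mistyped
    // address cannot wedge rebalancing and staking permanently.
    function removeDerivative(uint256 _index) external onlyOwner {
        uint256 count = derivatives.length;
        if (_index >= count) revert IndexOutOfRange(_index);
        address removed = address(derivatives[_index]);

        // A responsive derivative with a non-zero balance must be emptied first,
        // otherwise its funds would be stranded. An unresponsive address is
        // exactly the case removal exists to recover from, so the catch lets it through.
        try derivatives[_index].balance() returns (uint256 bal) {
            if (bal != 0) revert DerivativeHoldsFunds(removed, bal);
        } catch {
            // unreachable balance(): allow removal
        }

        uint256 last = count - 1;
        totalWeight -= weights[_index];
        if (_index != last) {
            derivatives[_index] = derivatives[last];
            weights[_index] = weights[last];
        }
        derivatives.pop();
        weights.pop();
        emit DerivativeRemoved(removed, _index);
    }

    function derivativeCount() external view returns (uint256) {
        return derivatives.length;
    }
}
```

Swap-and-pop changes the index of the last entry, so any off-chain tooling that references derivatives by position should re-read the array after a removal; the emitted event carries both the removed address and the index for that purpose.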

#0 - c4-pre-sort

2023-04-02T16:41:42Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-pre-sort

2023-04-04T17:31:51Z

0xSorryNotSorry marked the issue as duplicate of #703

#2 - c4-judge

2023-04-21T15:06:29Z

Picodes marked the issue as satisfactory

#3 - Picodes

2023-04-24T19:35:33Z

Partial credit for the report's quality

#4 - c4-judge

2023-04-24T19:35:37Z

Picodes marked the issue as partial-50

#5 - c4-judge

2023-04-24T19:36:09Z

Picodes changed the severity to 3 (High Risk)

Findings Information

Labels

bug
2 (Med Risk)
low quality report
satisfactory
duplicate-150

Awards

40.6368 USDC - $40.64

External Links

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L63-L101

Vulnerability details

Impact

The value of mintAmount is determined by two factors: totalStakeValueEth and preDepositPrice. totalStakeValueEth depends on external interactions that are beyond the control of individual users. preDepositPrice, on the other hand, can be bounded by a slippage control mechanism so that the amount minted stays within a range the staker has accepted.

In other words, mintAmount, the number of tokens minted for a deposit, depends on a variable no user can influence and on one that the protocol can constrain. Implementing a slippage control on the latter would keep minting at a level stakers find acceptable, encourage more staker participation, and improve overall engagement and adoption of the platform.

Proof of Concept

The purpose of ethPerDerivative() is to obtain the price of each derivative in terms of ETH. Although the prices are assumed to remain closely or stably pegged at a 1:1 ratio, there is no guarantee against some degree of volatility; the recent depeg of USDC has shown that this risk is real.

If underlyingValue is less than totalSupply, preDepositPrice will be smaller, resulting in a larger mintAmount, and vice versa. Because preDepositPrice, which sets mintAmount, moves with the ratio of underlyingValue to totalSupply, any slight price movement has a direct effect on the stake calculation.

As a result, two stakers who call the stake() function with the same amount of ETH but at different times could be minted different amounts of the stake ERC20 token because of the changing preDepositPrice. The calculation should therefore account for these factors to ensure fair and accurate token minting.

Tools Used

Manual review.

Recommended Mitigation Steps

The stake function should respect a slippage range approved by the user.
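An added example of the recommended slippage guard, not SafEth's own code: the contract, the quoteMint helper, the _minOut parameter and the IDerivative interface (balance(), ethPerDerivative() and a payable deposit() that returns the amount received) are assumptions, while the preDepositPrice and mintAmount arithmetic follows the relationship the report describes: preDepositPrice is 1:1 for the first staker and otherwise underlyingValue scaled by totalSupply, and mintAmount is the deposited ETH value divided by that price. The staker quotes the expected mint, subtracts a tolerance, and passes the result as _minOut; if preDepositPrice moved against them between quoting and inclusion, the call reverts instead of minting fewer tokens than agreed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical interface: the view calls named in the report plus a deposit entry point.
interface IDerivative {
    function balance() external view returns (uint256);
    function ethPerDerivative(uint256 _amount) external view returns (uint256);
    function deposit() external payable returns (uint256);
}

contract SlippageGuardedStake {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    IDerivative[] public derivatives;
    uint256[] public weights;
    uint256 public totalWeight;

    error NothingStaked();
    error SlippageExceeded(uint256 mintAmount, uint256 minOut);

    constructor(IDerivative[] memory _derivatives, uint256[] memory _weights) {
        require(_derivatives.length == _weights.length, "length mismatch");
        for (uint256 i = 0; i < _derivatives.length; i++) {
            derivatives.push(_derivatives[i]);
            weights.push(_weights[i]);
            totalWeight += _weights[i];
        }
    }

    // ETH value of everything held across derivatives, 18 decimals.
    function underlyingValue() public view returns (uint256 value) {
        for (uint256 i = 0; i < derivatives.length; i++) {
            uint256 bal = derivatives[i].balance();
            value += (derivatives[i].ethPerDerivative(bal) * bal) / 1e18;
        }
    }

    // Price of one stake token in ETH before this deposit; 1:1 for the first staker.
    function preDepositPrice() public view returns (uint256) {
        if (totalSupply == 0) return 1e18;
        return (1e18 * underlyingValue()) / totalSupply;
    }

    // Quote a front end calls before sending, from which the staker derives _minOut.
    function quoteMint(uint256 _depositValueEth) public view returns (uint256) {
        return (_depositValueEth * 1e18) / preDepositPrice();
    }

    function stake(uint256 _minOut) external payable returns (uint256 mintAmount) {
        if (msg.value == 0) revert NothingStaked();
        // Snapshot the price before the deposits below change derivative balances.
        uint256 price = preDepositPrice();

        uint256 totalStakeValueEth;
        for (uint256 i = 0; i < derivatives.length; i++) {
            uint256 ethAmount = (msg.value * weights[i]) / totalWeight;
            if (ethAmount == 0) continue;
            uint256 received = derivatives[i].deposit{value: ethAmount}();
            totalStakeValueEth += (derivatives[i].ethPerDerivative(received) * received) / 1e18;
        }

        mintAmount = (totalStakeValueEth * 1e18) / price;

        // The guard: the staker never receives fewer tokens than they agreed to.
        if (mintAmount < _minOut) revert SlippageExceeded(mintAmount, _minOut);

        totalSupply += mintAmount;
        balanceOf[msg.sender] += mintAmount;
    }
}
```

The guard does not remove the volatility the report describes; it converts an unexpected shortfall into a revert the staker can see and retry, which is the property a slippage parameter is meant to give. A _minOut of zero disables the protection, so a front end should always populate it from quoteMint rather than leaving the default.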

#0 - c4-pre-sort

2023-04-02T12:35:35Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-pre-sort

2023-04-04T21:07:45Z

0xSorryNotSorry marked the issue as primary issue

#2 - c4-pre-sort

2023-04-04T21:08:15Z

0xSorryNotSorry marked the issue as duplicate of #849

#3 - c4-judge

2023-04-24T20:55:30Z

Picodes marked the issue as duplicate of #150

#4 - c4-judge

2023-04-24T20:55:52Z

Picodes marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
