Renzo - Sparrow's results

A protocol that abstracts all staking complexity from the end-user and enables easy collaboration with EigenLayer node operators and Actively Validated Services (AVSs).

General Information

Platform: Code4rena

Start Date: 30/04/2024

Pot Size: $112,500 USDC

Total HM: 22

Participants: 122

Period: 8 days

Judge: alcueca

Total Solo HM: 1

Id: 372

League: ETH

Renzo

Findings Distribution

Researcher Performance

Rank: 118/122

Findings: 1

Award: $0.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Bridge/L2/Oracle/RenzoOracleL2.sol#L11-L13

Vulnerability details

Impact

RenzoOracle fetches prices from Chainlink. The primary impact is the potential use of stale price data, because the feed in use has a very long heartbeat (the stETH feed's heartbeat on Chainlink is 24 hours). Stale prices can significantly affect the accuracy and reliability of the contract's operations, especially in volatile markets. The long window also introduces inefficiencies in how the contract operates, since it waits a full day before considering the data stale.

Proof of Concept

function getMintRate() public view returns (uint256, uint256) {
    (, int256 price, , uint256 timestamp, ) = oracle.latestRoundData();
    // reject the answer only once it is older than the (24-hour) window
    if (timestamp < block.timestamp - MAX_TIME_WINDOW) revert OraclePriceExpired();

    // scale the price to have 18 decimals
    uint256 _scaledPrice = (uint256(price)) * 10 ** (18 - oracle.decimals());
    if (_scaledPrice < 1 ether) revert InvalidOraclePrice();

    return (_scaledPrice, timestamp);
}

Tools Used

Manual review

Recommended Mitigation Steps

Use the stETH/USD oracle instead because it has a 1-hour heartbeat.
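The point of the finding is that a single, fixed staleness window shared by every feed is only as tight as the slowest feed. The contract below is an added example written for this page; it is not Renzo's code and not part of the original submission. It assumes only the standard Chainlink AggregatorV3Interface shape (decimals() and latestRoundData()) and stores a per-feed heartbeat that the deployer supplies, so the staleness window can be 1 hour for a 1-hour feed and 24 hours for a 24-hour feed. The contract name, constructor parameters and the grace period are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Renzo's code. Assumes the standard Chainlink
// AggregatorV3Interface; the heartbeat/grace parameters are hypothetical.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract HeartbeatAwareOracle {
    error OraclePriceExpired();
    error InvalidOraclePrice();
    error IncompleteRound();
    error HeartbeatNotSet();
    error UnsupportedDecimals();

    AggregatorV3Interface public immutable oracle;
    // Staleness window derived from the feed's published heartbeat plus a short
    // grace period for late transmissions, instead of one blanket window for all feeds.
    uint256 public immutable maxTimeWindow;

    constructor(AggregatorV3Interface _oracle, uint256 feedHeartbeat, uint256 gracePeriod) {
        if (feedHeartbeat == 0) revert HeartbeatNotSet();
        // the 18-decimal scaling below cannot handle feeds with more than 18 decimals
        if (_oracle.decimals() > 18) revert UnsupportedDecimals();
        oracle = _oracle;
        maxTimeWindow = feedHeartbeat + gracePeriod;
    }

    function getMintRate() public view returns (uint256, uint256) {
        (uint80 roundId, int256 price, , uint256 updatedAt, ) = oracle.latestRoundData();

        // a round that has not been answered yet reports updatedAt == 0
        if (roundId == 0 || updatedAt == 0) revert IncompleteRound();

        // compare elapsed time against the feed-specific window; written as a
        // subtraction of updatedAt so it cannot underflow on a young chain
        if (block.timestamp - updatedAt > maxTimeWindow) revert OraclePriceExpired();

        // Chainlink answers are signed; a zero or negative answer is never valid here
        if (price <= 0) revert InvalidOraclePrice();

        // scale the price to 18 decimals
        uint256 scaled = uint256(price) * 10 ** (18 - oracle.decimals());

        // lower bound for an ETH-denominated stETH price (stETH/ETH is expected near 1);
        // a USD-denominated feed would need a different sanity bound
        if (scaled < 1 ether) revert InvalidOraclePrice();

        return (scaled, updatedAt);
    }
}
```

Two design notes. First, the window is a constructor parameter per deployment rather than a constant, so switching feeds (for example to the 1-hour stETH/USD feed suggested above) also tightens the staleness check instead of leaving the 24-hour window in place. Second, the `1 ether` lower bound in the original is a sanity check that assumes an ETH-denominated price; if a USD-denominated feed is adopted, the bound and any downstream ETH conversion must be revisited, which the example flags in a comment but deliberately does not change.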

Assessed type

Oracle

#0 - c4-judge

2024-05-17T13:14:57Z

alcueca marked the issue as not a duplicate

#1 - c4-judge

2024-05-17T13:15:04Z

alcueca changed the severity to QA (Quality Assurance)

#2 - c4-judge

2024-05-17T13:15:08Z

alcueca marked the issue as grade-a

#3 - c4-judge

2024-05-17T13:21:24Z

alcueca marked the issue as unsatisfactory: Invalid

#4 - c4-judge

2024-05-20T03:02:54Z

This previously downgraded issue has been upgraded by alcueca

#5 - c4-judge

2024-05-20T03:05:27Z

alcueca marked the issue as duplicate of #8

#6 - c4-judge

2024-05-23T17:24:53Z

alcueca changed the severity to QA (Quality Assurance)

#7 - c4-judge

2024-05-23T17:24:56Z

alcueca marked the issue as grade-a
