Platform: Code4rena
Start Date: 23/06/2023
Pot Size: $60,500 USDC
Total HM: 31
Participants: 132
Period: 10 days
Judge: 0xean
Total Solo HM: 10
Id: 254
League: ETH
Rank: 129/132
Findings: 1
Award: $1.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: bytes032
Also found by: 0xMAKEOUTHILL, 0xgrbr, 0xkazim, 0xnacho, Arz, Co0nan, CrypticShepherd, Cryptor, HE1M, Iurii3, LaScaloneta, LokiThe5th, LuchoLeonel1, MrPotatoMagic, Musaka, Qeew, RedTiger, SovaSlava, Toshii, Vagner, a3yip6, azhar, bart1e, devival, hl_, jnrlouis, kutugu, peanuts, pep7siup, qpzm, smaul
1.3247 USDC - $1.32
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/LybraRETHVault.sol#L47 https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/LybraWbETHVault.sol#L35
In LybraRETHVault/LybraWbETHVault, the getAssetPrice function call to reth/wbeth. However the function interfaces are incorrect. More specifically, getExchangeRatio should be getExchangeRate and exchangeRatio should be exchangeRate. Incorrect function signatures result in incorrect price calculated, which is dangerous.
Update the getAssetPrice function with the correct function names.
## recommend fix for LybraRETHVault return (_etherPrice() * IRETH(address(collateralAsset)).getExchangeRate()) / 1e18; ## recommend fix for LybraWbETHVault return (_etherPrice() * IWBETH(address(collateralAsset)).exchangeRate()) / 1e18;
Other
#0 - c4-pre-sort
2023-07-08T14:24:57Z
JeffCX marked the issue as duplicate of #27
#1 - c4-judge
2023-07-28T17:15:13Z
0xean marked the issue as satisfactory