Asymmetry contest - ayden's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Findings Distribution

Researcher Performance

Rank: 123/246

Findings: 2

Award: $24.26

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

11.1318 USDC - $11.13

Labels

bug
2 (Med Risk)
downgraded by judge
low quality report
satisfactory
duplicate-363

External Links

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L63#L101

Vulnerability details

Impact

Users will lose staked funds

Proof of Concept

Try to stake some ETH before derivatives are ready: deposit 1 ETH and receive 0 safETH

  it("Should lost stake fund when Derivatives is not ready", async function () {
    const strategy = await getLatestContract(strategyContractAddress, "SafEth");
    const userAccounts = await getUserAccounts();
    const testLostFundAddress = userAccounts[0];
    // new interface
    const iface = new ethers.utils.Interface(SafEthABI.abi);
    const userStrategySigner = strategy.connect(testLostFundAddress);

    //stake 1eth
    const ethAmount = "1";
    const depositAmount = ethers.utils.parseEther(ethAmount);
    const stakeResult = await userStrategySigner.stake({
      value: depositAmount,
    });
    const mined = await stakeResult.wait();
    console.log(mined);

    const eventLog = iface.decodeEventLog(
      "Staked",
      mined.logs[1].data,
      mined.logs[1].topics
    );

    //deposit 1 ETH and receive 0 safETH
    expect(eventLog.ethIn).eq(depositAmount);
    expect(eventLog.safEthOut).eq(0);
  });

Tools Used

manual

The "stake" method requires checking if the current derivative quantity is greater than zero first

#0 - c4-pre-sort

2023-04-01T07:53:05Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-pre-sort

2023-04-04T19:34:06Z

0xSorryNotSorry marked the issue as duplicate of #363

#2 - c4-judge

2023-04-21T16:29:01Z

Picodes changed the severity to 2 (Med Risk)

#3 - c4-judge

2023-04-21T16:31:55Z

Picodes marked the issue as satisfactory
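The zero-mint path reported above and the derivative-count check the finding recommends, as an added JavaScript model that is not part of the original report or of SafEth's code. The vault accounting (weight split, 1:1 ETH valuation) and the names `newVault`, `stakeUnchecked` and `stakeChecked` are assumptions for illustration, and the zero-total-weight check goes beyond what the report recommends.

```javascript
// Added illustration: simplified model of share minting in a staking vault.
// The accounting is an assumption made for this example, not SafEth's source.
const ONE = 10n ** 18n;

// Constructed state: by default a vault with no derivatives registered yet.
function newVault(derivatives = []) {
  return { derivatives, totalSupply: 0n, balances: new Map() };
}

// Splits the deposit across derivatives by weight and mints shares for the
// ETH value actually deposited. With an empty list the loop never runs,
// so the staked value, and therefore the mint amount, stays at zero.
function stakeUnchecked(vault, sender, valueWei) {
  const totalWeight = vault.derivatives.reduce((s, d) => s + d.weight, 0n);
  const underlying = vault.derivatives.reduce((s, d) => s + d.ethValue, 0n);
  const price =
    vault.totalSupply === 0n ? ONE : (ONE * underlying) / vault.totalSupply;
  let stakedValue = 0n;
  for (const d of vault.derivatives) {
    if (d.weight === 0n) continue; // unweighted derivatives receive nothing
    const part = (valueWei * d.weight) / totalWeight;
    d.ethValue += part; // model assumption: derivative holds the ETH 1:1
    stakedValue += part;
  }
  const minted = (stakedValue * ONE) / price;
  vault.totalSupply += minted;
  vault.balances.set(sender, (vault.balances.get(sender) ?? 0n) + minted);
  return { ethIn: valueWei, safEthOut: minted }; // mirrors the Staked event fields
}

// Same accounting behind the check the finding recommends (derivative count
// greater than zero), plus a total-weight check added in this example.
function stakeChecked(vault, sender, valueWei) {
  if (vault.derivatives.length === 0) throw new Error("no derivatives");
  const totalWeight = vault.derivatives.reduce((s, d) => s + d.weight, 0n);
  if (totalWeight === 0n) throw new Error("no weighted derivatives");
  return stakeUnchecked(vault, sender, valueWei);
}
```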

1. There is no limit on the range when setting maxSlippage; if the slippage set exceeds a reasonable range, it may cause losses to investors' funds. Recommended setting range: maxSlippage 0.5% ~ 2%

2. When the weights are set improperly, it may cause losses to investors. Improper weightings can cause the value of the derivative to deviate from the underlying asset, which may result in a lack of liquidity or inaccurate pricing for investors seeking to enter or exit positions. This may lead to losses for investors who have not properly assessed the risks and have invested in the derivative. It is important to properly set the weights and perform rigorous risk management to avoid such negative consequences.

3. When unstaking, it is necessary to check whether the user has a sufficient safEth balance. https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L108#L129

+ require(balanceOf(msg.sender)>=_safEthAmount, "insufficient balance");
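Review bot: the added require is shown without its position inside the linked unstake range or any test, so it is unclear whether it runs before the rest of the function acts on _safEthAmount. Place it as the first statement of the function and add a test that unstaking more than balanceOf(msg.sender) reverts with "insufficient balance".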

#0 - c4-sponsor

2023-04-10T20:43:31Z

toshiSat requested judge review

#1 - c4-sponsor

2023-04-10T20:43:36Z

toshiSat marked the issue as sponsor acknowledged

#2 - toshiSat

2023-04-10T20:43:41Z

I think only 3 is really valid

#3 - c4-judge

2023-04-24T18:33:14Z

Picodes marked the issue as grade-b
