Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 237/246
Findings: 1
Award: $0.14
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: HHK
Also found by: 019EC6E2, 0Kage, 0x52, 0xRobocop, 0xTraub, 0xbepresent, 0xepley, 0xfusion, 0xl51, 4lulz, Bahurum, BanPaleo, Bauer, CodeFoxInc, Dug, HollaDieWaldfee, IgorZuk, Lirios, MadWookie, MiloTruck, RedTiger, Ruhum, SaeedAlipoor01988, Shogoki, SunSec, ToonVH, Toshii, UdarTeam, Viktor_Cortess, a3yip6, auditor0517, aviggiano, bearonbike, bytes032, carlitox477, carrotsmuggler, chalex, deliriusz, ernestognw, fs0c, handsomegiraffe, igingu, jasonxiale, kaden, koxuan, latt1ce, m_Rassska, n1punp, nemveer, nowonder92, peanuts, pontifex, roelio, rvierdiiev, shalaamum, shuklaayush, skidog, tank, teddav, top1st, ulqiorra, wait, wen, yac
0.1353 USDC - $0.14
Reth pool price can be manipulated to cause loss of funds for the protocol and other users
Reth's poolPrice uses UniswapV3Pool.slot0 to determine the rETH/ETH price. slot0 holds only the most recent data point (the spot price after the last swap in the pool), so anyone who trades against the pool moves it, including within a single transaction.
This allows a malicious user to manipulate the valuation of rETH. For example, an attacker could push the pool price with a large rETH trade and then withdraw against the skewed valuation, at the expense of the protocol and other users.
Manual review
Consider using a TWAP oracle (UniswapV3Pool.observe over a sufficiently long window) instead of reading the spot price from slot0.
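Added example, not code from the audited protocol or the warden's submission: a minimal Solidity contract showing the slot0-based valuation the finding describes next to a TWAP-based replacement computed the way Uniswap's OracleLibrary.consult does it, plus a spot-vs-TWAP deviation check as defence in depth. The contract name, the pool address passed to the constructor (assumed to be the rETH/WETH V3 pool), the 30-minute window and the 2% deviation bound are all assumptions chosen for illustration; the imported interfaces and math libraries are Uniswap's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity =0.7.6;

// Added example, not the audited protocol's code. Assumes @uniswap/v3-core is
// installed; the imported interfaces and libraries are real Uniswap code.
import "@uniswap/v3-core/contracts/interfaces/IUniswapV3Pool.sol";
import "@uniswap/v3-core/contracts/libraries/TickMath.sol";
import "@uniswap/v3-core/contracts/libraries/FullMath.sol";
import "@uniswap/v3-core/contracts/libraries/FixedPoint96.sol";

contract RethPoolPriceExample {
    IUniswapV3Pool public immutable pool;             // assumed: the rETH/WETH V3 pool
    uint32 public constant TWAP_WINDOW = 30 minutes;  // assumed window length
    uint256 public constant MAX_DEVIATION_BPS = 200;  // assumed 2% spot-vs-TWAP bound

    constructor(IUniswapV3Pool _pool) {
        pool = _pool;
    }

    /// Vulnerable pattern (what the finding describes): slot0.sqrtPriceX96 is the
    /// spot price after the most recent swap. A large rETH swap against the pool
    /// moves it, and a protocol reading it values rETH at the skewed price in the
    /// same transaction.
    function spotPriceX96() public view returns (uint256) {
        (uint160 sqrtPriceX96, , , , , , ) = pool.slot0();
        return _sqrtPriceToPriceX96(sqrtPriceX96);
    }

    /// Hardened pattern: time-weighted average tick over TWAP_WINDOW. Moving this
    /// price requires holding the pool at a skewed price for a large share of the
    /// window rather than for one swap.
    function twapPriceX96() public view returns (uint256) {
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = TWAP_WINDOW; // start of the window
        secondsAgos[1] = 0;           // now
        // Reverts with "OLD" if the pool's observation buffer does not cover the
        // window; increaseObservationCardinalityNext must have been called on the pool.
        (int56[] memory tickCumulatives, ) = pool.observe(secondsAgos);
        int56 delta = tickCumulatives[1] - tickCumulatives[0];
        int24 meanTick = int24(delta / TWAP_WINDOW);
        // Round toward negative infinity so the average tick is not biased upward.
        if (delta < 0 && (delta % TWAP_WINDOW != 0)) meanTick--;
        return _sqrtPriceToPriceX96(TickMath.getSqrtRatioAtTick(meanTick));
    }

    /// Defence in depth: use the TWAP, but refuse to act while the spot price sits
    /// far from it, which is the signature of in-block manipulation.
    function checkedPriceX96() external view returns (uint256 twap) {
        twap = twapPriceX96();
        uint256 spot = spotPriceX96();
        uint256 diff = spot > twap ? spot - twap : twap - spot;
        require(diff * 10_000 <= twap * MAX_DEVIATION_BPS, "price deviates from TWAP");
    }

    // Price of token0 in token1 as a Q96 fixed-point number: sqrtPriceX96^2 / 2^96.
    function _sqrtPriceToPriceX96(uint160 sqrtPriceX96) internal pure returns (uint256) {
        return FullMath.mulDiv(sqrtPriceX96, sqrtPriceX96, FixedPoint96.Q96);
    }
}
```

Two caveats a practitioner should keep in mind: a TWAP only raises the cost of manipulation, and in a thinly traded pool a well-funded attacker can still drag it over several blocks, which is why an external feed such as the Chainlink price the sponsor moved to is the more robust choice; and observe() needs the pool's observation cardinality to have been increased beforehand, otherwise the call reverts and the protocol's pricing path is bricked.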
#0 - c4-pre-sort
2023-04-01T13:48:50Z
0xSorryNotSorry marked the issue as low quality report
#1 - elmutt
2023-04-07T22:21:47Z
We will be switching to Chainlink prices. Thanks.
#2 - c4-sponsor
2023-04-07T22:21:51Z
elmutt marked the issue as sponsor confirmed
#3 - c4-judge
2023-04-21T16:22:43Z
Picodes marked the issue as satisfactory
#4 - c4-judge
2023-04-21T16:23:23Z
Picodes marked the issue as duplicate of #1125