Asymmetry contest - cryptothemex's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Researcher Performance

Rank: 92/246

Findings: 1

Award: $48.63

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: ladboy233

Also found by: 0xkazim, 0xnev, Bauer, J4de, Matin, UniversalCrypto, cryptothemex, jasonxiale, juancito, koxuan, latt1ce, neumo

Labels

bug
2 (Med Risk)
low quality report
satisfactory
duplicate-1078

Awards

48.6252 USDC - $48.63

External Links

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L71-L81

Vulnerability details

Impact

Loss of precision in calculating the preDepositPrice value allows users to mint/receive more safeEth.

Proof of Concept

underlyingValue is being computed by dividing the derivative balance by 10**18 [L71-L75](https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L71-L75). Later, preDepositPrice is computed as preDepositPrice = (10 ** 18 * underlyingValue) / totalSupply;

First dividing and then multiplying causes a loss of precision in preDepositPrice (setting it lower than the actual value), thus increasing the mintAmount, as it is computed by mintAmount = (totalStakeValueEth * 10 ** 18) / preDepositPrice; [L98](https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L98)

Tools Used

Code Review

Do not divide underlyingValue by 10**18 and do not multiply preDepositPrice by 10**18 to compute actual mintAmount.
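An added example, not part of the submission or the Asymmetry code base: a Python model of the divide-then-multiply price computation described above next to the multiply-first form from the mitigation, with floor division standing in for Solidity integer division. The function names, the (price, balance) term layout and all state values are constructed assumptions.

```python
WAD = 10**18  # 18-decimal fixed-point scale (assumed for prices and balances)

def price_divide_first(positions, total_supply):
    """Order described in the report: each term is divided by 1e18, then the
    sum is multiplied back by 1e18. positions = [(eth_per_unit, balance)]."""
    underlying = sum((price * bal) // WAD for price, bal in positions)
    return (WAD * underlying) // total_supply

def price_multiply_first(positions, total_supply):
    """Order suggested by the mitigation: keep the 1e18 factor, divide once."""
    return sum(price * bal for price, bal in positions) // total_supply

def mint_amount(stake_value_eth, pre_deposit_price):
    """mintAmount = (totalStakeValueEth * 10**18) / preDepositPrice."""
    return (stake_value_eth * WAD) // pre_deposit_price

def compare(positions, total_supply, stake_value_eth):
    """Return both prices and how much extra is minted at the truncated price."""
    low = price_divide_first(positions, total_supply)
    exact = price_multiply_first(positions, total_supply)
    extra = mint_amount(stake_value_eth, low) - mint_amount(stake_value_eth, exact)
    return {"price_divide_first": low,
            "price_multiply_first": exact,
            "extra_minted": extra}

# Constructed prices for three hypothetical derivatives (1.05, 1.02, 1.10 ETH).
PRICES = [1_050_000_000_000_000_000,
          1_020_000_000_000_000_000,
          1_100_000_000_000_000_000]

# Constructed dust-sized state: balances of a few wei, so every per-term
# division by 1e18 drops a visible fraction of the underlying value.
DUST = list(zip(PRICES, [7, 9, 5]))
DUST_SUPPLY = 21

# Constructed large state: the same ratios at whole-token scale (plus 1 wei
# each), where each truncation is under 1 wei out of roughly 22e18.
LARGE = list(zip(PRICES, [7 * WAD + 1, 9 * WAD + 1, 5 * WAD + 1]))
LARGE_SUPPLY = 21 * WAD

if __name__ == "__main__":
    for name, pos, supply in (("dust", DUST, DUST_SUPPLY),
                              ("large", LARGE, LARGE_SUPPLY)):
        print(name, compare(pos, supply, WAD))
```

Each per-term truncation loses less than 1 wei of underlying value, so the price gap depends on how large that loss is relative to totalSupply; the two constructed states show both ends of that range.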

#0 - c4-pre-sort

2023-04-03T15:42:54Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-pre-sort

2023-04-04T16:41:25Z

0xSorryNotSorry marked the issue as duplicate of #1044

#2 - c4-judge

2023-04-22T10:33:40Z

Picodes marked the issue as satisfactory
