Platform: Code4rena
Start Date: 30/04/2024
Pot Size: $112,500 USDC
Total HM: 22
Participants: 122
Period: 8 days
Judge: alcueca
Total Solo HM: 1
Id: 372
League: ETH
Rank: 56/122
Findings: 3
Award: $13.57
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: LessDupes
Also found by: 0rpse, 0xAadi, 0xCiphky, 0xhacksmithh, 0xnightfall, FastChecker, KupiaSec, NentoR, SBSecurity, Tendency, adam-idarrha, aman, araj, baz1ka, bigtone, fyamf, jokr, kennedy1030, maxim371, mussucal, p0wd3r, zigtur
13.5262 USDC - $13.53
Total TVL calculation depends on this, thus RestakeManager.calculateTVLs() returns incorrect value.
The mapping queuedShares tracks token shares within the withdrawal queue of EigenLayer. Its definition is mapping(address => uint256) public queuedShares. Proper representation would involve accessing it as queuedShares[address(token)]. However, within the function, it's depicted as queuedShares[address(this)] == 0, which is always True. Consequently, the ternary operator always returns the token balance without considering the queued shares for that specific token.
Manual review.
Replace queuedShares[address(this)] == 0 with queuedShares[address(token)] == 0.
Context
#0 - c4-judge
2024-05-16T10:44:24Z
alcueca marked the issue as satisfactory
🌟 Selected for report: pauliax
Also found by: 0rpse, 0x73696d616f, 0xAadi, 0xCiphky, 0xPwned, 0xhacksmithh, 0xnev, 0xnightfall, 0xordersol, 14si2o_Flint, Aamir, Aymen0909, BiasedMerc, DanielArmstrong, Fassi_Security, FastChecker, GoatedAudits, Greed, KupiaSec, LessDupes, Maroutis, NentoR, OMEN, SBSecurity, Stefanov, TheFabled, adam-idarrha, ak1, aman, araj, aslanbek, b0g0, baz1ka, bigtone, blutorque, carlitox477, carrotsmuggler, crypticdefense, eeshenggoh, fyamf, gesha17, gjaldon, grearlake, guhu95, honey-k12, hunter_w3b, ilchovski, josephdara, kinda_very_good, lanrebayode77, m_Rassska, maxim371, mt030d, mussucal, oakcobalt, p0wd3r, peanuts, rbserver, shui, siguint, t0x1c, tapir, twcctop, ustazz, xg, zhaojohnson, zigtur, zzykxx
0.0026 USDC - $0.00
The total TVL is inaccurate because of an incorrect calculation of the totalWithdrawalQueueValue.
The function renzoOracle.lookupTokenValue(IERC20 _token, uint256 _balance) provides the value of _balance denominated in the underlying currency for the specified _token. It's important to note that _token differs from the token whose balance is represented by _balance. Specifically, _token corresponds to collateralTokens[i], while _balance refers to collateralTokens[j].balanceOf(withdrawQueue).
Manual review.
The renzoOracle.lookupTokenValue() function's initial parameter should be collateralTokens[j].
Context
#0 - c4-judge
2024-05-16T10:34:27Z
alcueca marked the issue as satisfactory
#1 - c4-judge
2024-05-16T10:39:08Z
alcueca changed the severity to 3 (High Risk)
#2 - c4-judge
2024-05-20T04:26:26Z
alcueca changed the severity to 2 (Med Risk)
#3 - c4-judge
2024-05-23T13:47:20Z
alcueca changed the severity to 3 (High Risk)
🌟 Selected for report: 0xCiphky
Also found by: 0rpse, 0x007, 0xAadi, 14si2o_Flint, ADM, Aamir, Aymen0909, BiasedMerc, DanielArmstrong, Fassi_Security, FastChecker, KupiaSec, LessDupes, MaslarovK, Neon2835, RamenPeople, SBSecurity, Shaheen, Tendency, ZanyBonzy, adam-idarrha, araj, b0g0, baz1ka, bigtone, bill, blutorque, carrotsmuggler, cu5t0mpeo, fyamf, gesha17, gumgumzum, hunter_w3b, inzinko, jokr, josephdara, kennedy1030, kinda_very_good, lanrebayode77, m_Rassska, mt030d, mussucal, tapir, underdog, xg, zzykxx
0.0402 USDC - $0.04
RestakeManager.deposit() may revert for a certain valid case.
In the function, if bufferToFill > 0, then _amount is recalculated. If _amount is equal to bufferToFill, then operatorDelegator.deposit(_collateralToken, _amount) is called with _amount=0. It gets reverted as operatorDelegator.deposit() checks for this.
Manual review.
Include the call to operatorDelegator.deposit() in a if statement.
Context
#0 - c4-judge
2024-05-20T05:03:21Z
alcueca marked the issue as satisfactory