Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 229/246
Findings: 1
Award: $3.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: monrel
Also found by: 0xRajkumar, 0xfusion, AkshaySrivastav, Bahurum, Brenzee, Cryptor, Dug, Haipls, Koolex, Krace, MiloTruck, RaymondFam, RedTiger, ToonVH, Tricko, Vagner, aga7hokakological, anodaram, bart1e, bin2chen, bytes032, carrotsmuggler, ck, d3e4, giovannidisiena, igingu, juancito, mahdirostami, mert_eren, n33k, nemveer, parsely, pavankv, sashik_eth, shaka, sinarette, ulqiorra, yac
3.4908 USDC - $3.49
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L63
The first staker can inflate the rate of minting SafEth token per deposited ETH, leading to the loss of the next stakers' funds.
It's a well-known attack vector, explained for example here.
The following scenario is possible:
SafETH token.
WstETH derivative address.
underlyingValue is 1 ETH (from WST_ETH sent by the attacker) and totalSupply of SafETH is 1 wei - preDepositPrice is overinflated and user mints 0 wei of SafETH, while the attacker could withdraw all staked 1.5 ETH.

Consider adding a restriction to mint more than 0 wei of SafETH token on stake() function call or sending the first 1000 wei of token to a zero address.
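
Added example, not part of the original submission or of the Asymmetry code base: a Python model of the share arithmetic the finding describes, run on the state it gives (totalSupply of 1 wei, underlyingValue of 1 ETH) with and without the two suggested mitigations. The pricing formula, the pro rata payout, the 0.5 ETH victim deposit (inferred from the 1.5 ETH total) and all function names are assumptions.

```python
WAD = 10**18  # 1 ETH in wei


def mint_amount(underlying, total_supply, deposit):
    """Assumed share pricing: preDepositPrice = underlyingValue / totalSupply (floored)."""
    pre_deposit_price = WAD if total_supply == 0 else WAD * underlying // total_supply
    return deposit * WAD // pre_deposit_price


def simulate(deposit, donated, attacker_shares, dead_shares=0, require_nonzero=False):
    """Victim stakes `deposit` wei into a pool whose underlying value is `donated` wei.

    dead_shares models "send the first 1000 wei of token to a zero address";
    require_nonzero models "restrict stake() to mint more than 0 wei".
    Returns (victim_minted, victim_value, attacker_value), all in wei.
    """
    supply = attacker_shares + dead_shares
    minted = mint_amount(donated, supply, deposit)
    if require_nonzero and minted == 0:
        raise ValueError("stake would mint 0 SafETH, reverting")
    supply += minted
    underlying = donated + deposit
    # Assumed payout rule: unstaking returns underlying pro rata to shares held.
    victim_value = underlying * minted // supply
    attacker_value = underlying * attacker_shares // supply
    return minted, victim_value, attacker_value


if __name__ == "__main__":
    # Constructed inputs matching the report: 1 wei of supply, 1 ETH underlying.
    half_eth = WAD // 2
    print("unmitigated:", simulate(half_eth, WAD, 1))
    print("dead shares:", simulate(half_eth, WAD, 1, dead_shares=1000))
    try:
        simulate(half_eth, WAD, 1, require_nonzero=True)
    except ValueError as exc:
        print("zero-mint check:", exc)
```

In this model the zero-mint check makes the victim's stake revert instead of silently minting nothing, while the 1000 dead shares leave the victim with roughly 0.4997 ETH of claim and reduce the attacker's 1 wei of SafETH to under 0.001 ETH of value.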
#0 - c4-pre-sort
2023-03-31T18:12:01Z
0xSorryNotSorry marked the issue as low quality report
#1 - c4-pre-sort
2023-04-04T12:44:39Z
0xSorryNotSorry marked the issue as duplicate of #715
#2 - c4-judge
2023-04-21T14:56:24Z
Picodes marked the issue as satisfactory