Platform: Code4rena
Start Date: 10/11/2023
Pot Size: $28,000 USDC
Total HM: 5
Participants: 185
Period: 5 days
Judge: 0xDjango
Id: 305
League: ETH
Rank: 185/185
Findings: 1
Award: $2.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: m_Rassska
Also found by: 0x1337, 0xAadi, 0xHelium, 0xLeveler, 0xblackskull, 0xbrett8571, 0xepley, 0xffchain, 0xluckhu, 0xmystery, 0xrugpull_detector, 0xvj, ABAIKUNANBAEV, Aamir, AerialRaider, Amithuddar, Bauchibred, Bauer, CatsSecurity, Cryptor, Daniel526, Draiakoo, Eigenvectors, ElCid, GREY-HAWK-REACH, Inspecktor, Juntao, King_, LinKenji, Madalad, MaslarovK, Matin, MatricksDeCoder, McToady, Noro, PENGUN, Pechenite, Phantasmagoria, RaoulSchaffranek, SBSecurity, SandNallani, Shaheen, Soul22, Stormreckson, T1MOH, Tadev, TeamSS, TheSchnilch, Topmark, Tumelo_Crypto, Udsen, Yanchuan, ZanyBonzy, _thanos1, adeolu, adriro, alexfilippov314, almurhasan, amaechieth, anarcheuz, ayden, baice, bareli, boredpukar, bronze_pickaxe, btk, cartlex_, catellatech, chaduke, cheatc0d3, circlelooper, codynhat, crack-the-kelp, critical-or-high, debo, deepkin, desaperh, dipp, eeshenggoh, evmboi32, ge6a, gesha17, glcanvas, gumgumzum, hals, hihen, hunter_w3b, jasonxiale, joaovwfreire, ke1caM, leegh, lsaudit, marchev, merlinboii, niser93, osmanozdemir1, paritomarrr, passion, pep7siup, phoenixV110, pipidu83, poneta, ro1sharkm, rouhsamad, rvierdiiev, sakshamguruji, seerether, shealtielanz, soliditytaker, spark, squeaky_cactus, stackachu, supersizer0x, tallo, taner2344, turvy_fuzz, twcctop, ubl4nk, wisdomn_, xAriextz, zach, zhaojie, zhaojohnson, ziyou-
2.7592 USDC - $2.76
In LRTDepositPool.sol the function getRsETHAmountToMint() gets the price of an asset from chainlink via the aggregator and uses it to calculate the rsETH amount to mint for a certain amount of LST, the issue is that different chainlink aggregator feeds have different decimals for different tokens whenever it returns the price, the price should be scaled in order to prevent rounding issues whenever it is divided by a value in 1e18, this can be seen when rsETH in the pool is 0, it returns 1 ether which is Wei in 18 decimal places
Consider an amount of LST = 3 and the price from the feed is 1e8 dividing by 1 ether which is 1e18 will lead to rounding error where
3 * 1e8 / 1e18
The value gotten will be rounded down to zero.
Manual review
Consider the tokens decimal whenever getting the rsETH amount to mint for a particular token.
Decimal
#0 - c4-pre-sort
2023-11-16T23:04:16Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-11-16T23:04:33Z
raymondfam marked the issue as duplicate of #97
#2 - c4-pre-sort
2023-11-17T08:02:11Z
raymondfam marked the issue as duplicate of #479
#3 - c4-judge
2023-12-01T18:01:01Z
fatherGoose1 changed the severity to 2 (Med Risk)
#4 - c4-judge
2023-12-01T18:06:50Z
fatherGoose1 marked the issue as satisfactory
#5 - c4-judge
2023-12-04T17:24:48Z
fatherGoose1 changed the severity to QA (Quality Assurance)
#6 - c4-judge
2023-12-08T18:53:03Z
fatherGoose1 marked the issue as grade-b