Platform: Code4rena
Start Date: 23/06/2023
Pot Size: $60,500 USDC
Total HM: 31
Participants: 132
Period: 10 days
Judge: 0xean
Total Solo HM: 10
Id: 254
League: ETH
Rank: 64/132
Findings: 2
Award: $85.68
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: bytes032
Also found by: 0xMAKEOUTHILL, 0xgrbr, 0xkazim, 0xnacho, Arz, Co0nan, CrypticShepherd, Cryptor, HE1M, Iurii3, LaScaloneta, LokiThe5th, LuchoLeonel1, MrPotatoMagic, Musaka, Qeew, RedTiger, SovaSlava, Toshii, Vagner, a3yip6, azhar, bart1e, devival, hl_, jnrlouis, kutugu, peanuts, pep7siup, qpzm, smaul
1.3247 USDC - $1.32
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/LybraWbETHVault.sol#L35
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/LybraWbETHVault.sol#L10
There is no function named exchangeRatio in the original WBETH contract (https://etherscan.io/address/0xa2e3356610840701bdf5611a53974510ae27e2e1), but in the LybraWbETHVault.sol contract the getAssetPrice function uses the exchangeRatio function of the WBETH contract, which results in a revert, and the code will not work.
    function getAssetPrice() public override returns (uint256) {
        return (_etherPrice() * IWBETH(address(collateralAsset)).exchangeRatio()) / 1e18;
    }
Check the original WBETH contract (https://etherscan.io/address/0xa2e3356610840701bdf5611a53974510ae27e2e1): there is no exchangeRatio function present.
Use the right function, else the code will revert.
DoS
#0 - c4-pre-sort
2023-07-04T02:30:41Z
JeffCX marked the issue as primary issue
#1 - c4-pre-sort
2023-07-04T13:29:37Z
JeffCX marked the issue as duplicate of #27
#2 - c4-judge
2023-07-28T17:14:12Z
0xean changed the severity to 2 (Med Risk)
#3 - c4-judge
2023-07-28T17:15:43Z
0xean marked the issue as satisfactory
84.3563 USDC - $84.36
According to the protocol requirements, vaultSafeCollateralRatio should be higher than vaultBadCollateralRatio, but in the setBadCollateralRatio function it's possible to set vaultSafeCollateralRatio to less than vaultBadCollateralRatio. This means a user's collateral could potentially be in the safecollateralratio but still in the badcollateralratio, and as a result his collateral will be liquidatable.
    function setBadCollateralRatio(address pool, uint256 newRatio) external onlyRole(DAO) {
        require(newRatio >= 130 * 1e18 && newRatio <= 150 * 1e18 && newRatio <= vaultSafeCollateralRatio[pool] + 1e19, "LNA");
        vaultBadCollateralRatio[pool] = newRatio;
        emit SafeCollateralRatioChanged(pool, newRatio);
    }
Suppose vaultSafeCollateralRatio[pool] is between 130 * 1e18 and 140 * 1e18. So, according to the require statement newRatio <= vaultSafeCollateralRatio[pool] + 1e19, it's possible to set the vaultBadCollateralRatio between 130 * 1e18 and 140 * 1e18 according to the vaultSafeCollateralRatio.
Manual
The require statement should check for newRatio <= vaultSafeCollateralRatio[pool] - 1e19. So, badcollateralratio can never be higher than safecollateralratio.
Invalid Validation
#0 - c4-pre-sort
2023-07-10T13:39:15Z
JeffCX marked the issue as duplicate of #3
#1 - c4-judge
2023-07-28T15:44:49Z
0xean marked the issue as satisfactory
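The bound check from the setBadCollateralRatio finding above, modelled in Python as an added example (not code from the Lybra repository or from the submission): it sweeps whole-percent values of newRatio through the require as quoted and through the recommended bound. The sample safe ratios are constructed, and treating an underflow in safe - 1e19 as a rejection assumes Solidity 0.8 checked arithmetic.

```python
"""Model of the setBadCollateralRatio bound check quoted in the finding (added example)."""

WAD = 10**18          # ratios are percentages scaled by 1e18, as in the quoted code
MIN_BAD = 130 * WAD   # lower bound from the quoted require
MAX_BAD = 150 * WAD   # upper bound from the quoted require
GAP = 10**19          # the 1e19 term, i.e. 10 percentage points


def check_as_written(new_ratio: int, safe_ratio: int) -> bool:
    """Predicate from the quoted require: newRatio <= safe + 1e19."""
    return MIN_BAD <= new_ratio <= MAX_BAD and new_ratio <= safe_ratio + GAP


def check_as_recommended(new_ratio: int, safe_ratio: int) -> bool:
    """Predicate with the finding's recommended bound: newRatio <= safe - 1e19."""
    if safe_ratio < GAP:
        # Assumption: checked arithmetic (Solidity >= 0.8) reverts on underflow.
        return False
    return MIN_BAD <= new_ratio <= MAX_BAD and new_ratio <= safe_ratio - GAP


def accepted_bad_ratios(check, safe_ratio: int, step: int = WAD) -> list[int]:
    """All whole-percent bad ratios the given check accepts for this safe ratio."""
    return [r for r in range(MIN_BAD, MAX_BAD + 1, step) if check(r, safe_ratio)]


def inverted(check, safe_ratio: int) -> list[int]:
    """Accepted bad ratios that are >= the safe ratio, breaking the intended ordering."""
    return [r for r in accepted_bad_ratios(check, safe_ratio) if r >= safe_ratio]


if __name__ == "__main__":
    checks = (("as written", check_as_written), ("recommended", check_as_recommended))
    for safe_pct in (135, 140, 160):  # constructed sample safe ratios
        safe = safe_pct * WAD
        for name, check in checks:
            ok = accepted_bad_ratios(check, safe)
            bad = [r // WAD for r in inverted(check, safe)]
            span = f"{ok[0] // WAD}-{ok[-1] // WAD}%" if ok else "none"
            print(f"safe={safe_pct}% {name:12s} accepts {span}, inverted: {bad}")
```

With the recommended bound, a safe ratio of 135% leaves no acceptable bad ratio at all, and 140% leaves only 130%, so the safe ratio has to be at least 140% before setBadCollateralRatio can succeed.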