Asymmetry contest - teddav's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Findings Distribution

Researcher Performance

Rank: 232/246

Findings: 1

Award: $0.14

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Asymmetry Finance

Findings Information

🌟 Selected for report: HHK

Also found by: 019EC6E2, 0Kage, 0x52, 0xRobocop, 0xTraub, 0xbepresent, 0xepley, 0xfusion, 0xl51, 4lulz, Bahurum, BanPaleo, Bauer, CodeFoxInc, Dug, HollaDieWaldfee, IgorZuk, Lirios, MadWookie, MiloTruck, RedTiger, Ruhum, SaeedAlipoor01988, Shogoki, SunSec, ToonVH, Toshii, UdarTeam, Viktor_Cortess, a3yip6, auditor0517, aviggiano, bearonbike, bytes032, carlitox477, carrotsmuggler, chalex, deliriusz, ernestognw, fs0c, handsomegiraffe, igingu, jasonxiale, kaden, koxuan, latt1ce, m_Rassska, n1punp, nemveer, nowonder92, peanuts, pontifex, roelio, rvierdiiev, shalaamum, shuklaayush, skidog, tank, teddav, top1st, ulqiorra, wait, wen, yac

Awards

0.1353 USDC - $0.14

Labels

bug

3 (High Risk)

low quality report

satisfactory

duplicate-142

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L228

Vulnerability details

Impact

The poolPrice is fetched from the latest uniswap RETH/WETH pool price. The pool only has about 1400 WETH and 1400 RETH: https://info.uniswap.org/#/pools/0xa4e0faa58465a2d369aa21b3e42d43374c6f9613

The same pool on Balancer has a lot more liquidity. So, a user can get a flashloan from Balancer for 1400 RETH https://app.balancer.fi/#/ethereum/pool/0x1e19cf2d73a72ef1332c882f20534b6519be0276000200000000000000000112 And manipulate the price on the Uniswap Pool which will end up minting to the user a lot more tokens than he should have had. Then the user can withdraw his safETH token and get a lot more ETH than initially deposited.

Tools Used

Manual analysis

Recommended Mitigation Steps

Use a TWAP to avoid manipulation: https://docs.uniswap.org/contracts/v3/reference/periphery/libraries/OracleLibrary#consult

#0 - c4-pre-sort
2023-03-31T16:26:45Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-pre-sort
2023-04-04T11:24:33Z

0xSorryNotSorry marked the issue as duplicate of #601

#2 - c4-judge
2023-04-21T16:14:42Z

Picodes marked the issue as satisfactory

#3 - c4-judge
2023-04-21T16:15:19Z

Picodes marked the issue as duplicate of #1125

Asymmetry contest - teddav's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Findings Distribution

Researcher Performance

External Links

[H-08] Reth derivative price can be manipulated - $0.14

Findings Information

Awards

Labels

External Links

Lines of code

Vulnerability details

Impact

Tools Used

Recommended Mitigation Steps

#0 - c4-pre-sort2023-03-31T16:26:45Z

#1 - c4-pre-sort2023-04-04T11:24:33Z

#2 - c4-judge2023-04-21T16:14:42Z

#3 - c4-judge2023-04-21T16:15:19Z

#0 - c4-pre-sort
2023-03-31T16:26:45Z

#1 - c4-pre-sort
2023-04-04T11:24:33Z

#2 - c4-judge
2023-04-21T16:14:42Z

#3 - c4-judge
2023-04-21T16:15:19Z