Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 246/246
Findings: 1
Award: $0.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: HHK
Also found by: 019EC6E2, 0Kage, 0x52, 0xRobocop, 0xTraub, 0xbepresent, 0xepley, 0xfusion, 0xl51, 4lulz, Bahurum, BanPaleo, Bauer, CodeFoxInc, Dug, HollaDieWaldfee, IgorZuk, Lirios, MadWookie, MiloTruck, RedTiger, Ruhum, SaeedAlipoor01988, Shogoki, SunSec, ToonVH, Toshii, UdarTeam, Viktor_Cortess, a3yip6, auditor0517, aviggiano, bearonbike, bytes032, carlitox477, carrotsmuggler, chalex, deliriusz, ernestognw, fs0c, handsomegiraffe, igingu, jasonxiale, kaden, koxuan, latt1ce, m_Rassska, n1punp, nemveer, nowonder92, peanuts, pontifex, roelio, rvierdiiev, shalaamum, shuklaayush, skidog, tank, teddav, top1st, ulqiorra, wait, wen, yac
0.0677 USDC - $0.07
When calling Reth:ethPerDerivative, the derivative balance is used; it is the rETH balance of the Reth derivative, not the ETH balance to be used in the poolCanDeposit(amount) check.
The problem is that it can return false even when a deposit is possible, and the price can differ from the Uniswap v3 / rETH price.
Reth poolCanDeposit check function:
    function poolCanDeposit(uint256 _amount) private view returns (bool) {
        address rocketDepositPoolAddress = RocketStorageInterface(
            ROCKET_STORAGE_ADDRESS
        ).getAddress(
                keccak256(
                    abi.encodePacked("contract.address", "rocketDepositPool")
                )
            );
        RocketDepositPoolInterface rocketDepositPool = RocketDepositPoolInterface(
                rocketDepositPoolAddress
            );

        address rocketProtocolSettingsAddress = RocketStorageInterface(
            ROCKET_STORAGE_ADDRESS
        ).getAddress(
                keccak256(
                    abi.encodePacked(
                        "contract.address",
                        "rocketDAOProtocolSettingsDeposit"
                    )
                )
            );
        RocketDAOProtocolSettingsDepositInterface rocketDAOProtocolSettingsDeposit = RocketDAOProtocolSettingsDepositInterface(
                rocketProtocolSettingsAddress
            );

        return
            rocketDepositPool.getBalance() + _amount <=
            rocketDAOProtocolSettingsDeposit.getMaximumDepositPoolSize() &&
            _amount >= rocketDAOProtocolSettingsDeposit.getMinimumDeposit();
    }
Here is the require check in the RocketDepositPool.sol deposit function:
https://etherscan.io/address/0x2cac916b2A963Bf162f076C0a8a4a8200BCFBfb4#code RocketDepositPool.sol:deposit() line 106
    require(
        rocketVault.balanceOf("rocketDepositPool").add(msg.value) <=
            rocketDAOProtocolSettingsDeposit.getMaximumDepositPoolSize(),
        "The deposit pool size after depositing exceeds the maximum size"
    );
Manual check
We can replace it with ethPerDerivative(0)
    for (uint i = 0; i < derivativeCount; i++)
        underlyingValue +=
            (derivatives[i].ethPerDerivative(0) * derivatives[i].balance()) /
            10 ** 18;
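A small Python model of the unit mismatch described in this report, added here as an example; it is not code from the submission or from the audited contracts. `pool_can_deposit` mirrors the return expression quoted above, while the two-rate branch in `eth_per_derivative`, the function names and every number are assumptions constructed for illustration.

```python
# Added model (not project code). Amounts are in wei; every number is constructed.
WAD = 10**18

def pool_can_deposit(amount, pool_balance, max_pool_size, min_deposit):
    """Mirrors the return expression of Reth.poolCanDeposit; `amount` must be ETH."""
    return pool_balance + amount <= max_pool_size and amount >= min_deposit

def eth_per_derivative(amount, pool, protocol_rate, market_rate):
    """ASSUMPTION: protocol rate when the deposit check passes, market rate otherwise."""
    return protocol_rate if pool_can_deposit(amount, **pool) else market_rate

def underlying_value(reth_balance, amount_arg, pool, protocol_rate, market_rate):
    """One iteration of the valuation loop from the report, for a single derivative."""
    rate = eth_per_derivative(amount_arg, pool, protocol_rate, market_rate)
    return rate * reth_balance // WAD

# Constructed state: the deposit pool has 100 ETH of headroom left.
POOL = {"pool_balance": 4_900 * WAD, "max_pool_size": 5_000 * WAD,
        "min_deposit": WAD // 100}
PROTOCOL_RATE = 106 * WAD // 100   # 1.06 ETH per rETH (constructed)
MARKET_RATE = 107 * WAD // 100     # 1.07 ETH per rETH (constructed)
RETH_BALANCE = 500 * WAD           # rETH held by the derivative
USER_DEPOSIT = 10 * WAD            # ETH a user actually wants to deposit

def scenarios():
    rates = (PROTOCOL_RATE, MARKET_RATE)
    return {
        "deposit_of_10_eth_fits": pool_can_deposit(USER_DEPOSIT, **POOL),
        "check_with_reth_balance": pool_can_deposit(RETH_BALANCE, **POOL),
        "check_with_zero": pool_can_deposit(0, **POOL),
        "value_arg_is_balance": underlying_value(RETH_BALANCE, RETH_BALANCE, POOL, *rates),
        "value_arg_is_deposit": underlying_value(RETH_BALANCE, USER_DEPOSIT, POOL, *rates),
        "value_arg_is_zero": underlying_value(RETH_BALANCE, 0, POOL, *rates),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

In this model a zero argument fails the `amount >= min_deposit` half of the check whenever the minimum deposit is non-zero, so the rate no longer depends on the size of the rETH holding.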
#0 - c4-pre-sort
2023-04-03T12:57:21Z
0xSorryNotSorry marked the issue as low quality report
#1 - c4-pre-sort
2023-04-04T17:50:00Z
0xSorryNotSorry marked the issue as duplicate of #1004
#2 - c4-judge
2023-04-21T14:03:48Z
Picodes marked the issue as duplicate of #1125
#3 - c4-judge
2023-04-21T14:20:31Z
Picodes marked the issue as satisfactory
#4 - c4-judge
2023-04-21T14:22:11Z
Picodes marked the issue as unsatisfactory: Insufficient quality
#5 - c4-judge
2023-04-21T14:22:26Z
Picodes marked the issue as partial-50
#6 - c4-judge
2023-04-24T21:46:36Z
Picodes changed the severity to 3 (High Risk)