Platform: Code4rena
Start Date: 30/04/2024
Pot Size: $112,500 USDC
Total HM: 22
Participants: 122
Period: 8 days
Judge: alcueca
Total Solo HM: 1
Id: 372
League: ETH
Rank: 78/122
Findings: 2
Award: $1.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: pauliax
Also found by: 0rpse, 0x73696d616f, 0xAadi, 0xCiphky, 0xPwned, 0xhacksmithh, 0xnev, 0xnightfall, 0xordersol, 14si2o_Flint, Aamir, Aymen0909, BiasedMerc, DanielArmstrong, Fassi_Security, FastChecker, GoatedAudits, Greed, KupiaSec, LessDupes, Maroutis, NentoR, OMEN, SBSecurity, Stefanov, TheFabled, adam-idarrha, ak1, aman, araj, aslanbek, b0g0, baz1ka, bigtone, blutorque, carlitox477, carrotsmuggler, crypticdefense, eeshenggoh, fyamf, gesha17, gjaldon, grearlake, guhu95, honey-k12, hunter_w3b, ilchovski, josephdara, kinda_very_good, lanrebayode77, m_Rassska, maxim371, mt030d, mussucal, oakcobalt, p0wd3r, peanuts, rbserver, shui, siguint, t0x1c, tapir, twcctop, ustazz, xg, zhaojohnson, zigtur, zzykxx
0.0026 USDC - $0.00
calculateTVLs will not calculate the withdraw queue value correctly, because the wrong index is used.
    function calculateTVLs() public view returns (uint256[][] memory, uint256[] memory, uint256) {
        ...
        for (uint256 i = 0; i < odLength; ) {
            ...
            for (uint256 j = 0; j < tokenLength; )
                ...
                if (!withdrawQueueTokenBalanceRecorded) {
                    totalWithdrawalQueueValue += renzoOracle.lookupTokenValue(
    @>                  collateralTokens[i],
                        collateralTokens[j].balanceOf(withdrawQueue)
                    );
                }
According to the code above, the wrong index is used in the collateralTokens array: i stands for the operator delegator index and j stands for the token index, while collateralTokens[i] is used to get the token address, which should be collateralTokens[j] instead.
manual
- collateralTokens[i], + collateralTokens[j],
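Review bot: once the first argument reads collateralTokens[j], the withdraw-queue sum no longer depends on the operator delegator index i at all, yet it still sits inside the i loop behind the withdrawQueueTokenBalanceRecorded flag. Consider moving it into its own loop over collateralTokens outside the operator delegator loop, which removes the flag and leaves a single index in scope, and add a test with two collateral tokens at different oracle prices so a recurrence is caught.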
Math
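An added Python model of the accumulation above, not code from the Renzo repository or from the finding: it prices the withdraw queue once with collateralTokens[i] and once with collateralTokens[j], and shows that the error vanishes when all tokens share one price, so a test with equal prices cannot catch the bug. The token names, prices, balances and the 1e18 scaling assumed for lookupTokenValue are constructed.

```python
# Added illustration, not Renzo code. Token names, prices, balances and the
# 1e18 fixed-point scaling are constructed assumptions.
WAD = 10**18


def lookup_token_value(prices, token, balance):
    """Stand-in for renzoOracle.lookupTokenValue: value of `balance` of `token`."""
    return prices[token] * balance // WAD


def withdraw_queue_value(collateral_tokens, prices, queue_balances, i, fixed):
    """Sum the withdraw queue's holdings while the outer loop is at operator
    delegator index i. fixed=False prices every balance with collateralTokens[i]
    (the reported bug); fixed=True prices it with collateralTokens[j]."""
    total = 0
    for j, token in enumerate(collateral_tokens):
        price_token = collateral_tokens[j] if fixed else collateral_tokens[i]
        total += lookup_token_value(prices, price_token, queue_balances[token])
    return total


TOKENS = ["tokenA", "tokenB"]                            # constructed
QUEUE = {"tokenA": 100 * WAD, "tokenB": 50 * WAD}        # held by the queue
DISTINCT = {"tokenA": WAD, "tokenB": 104 * WAD // 100}   # 1.00 and 1.04
EQUAL = {"tokenA": WAD, "tokenB": WAD}                   # both 1.00


def mispricing(prices, i):
    """Buggy total minus correct total for a given outer index i."""
    buggy = withdraw_queue_value(TOKENS, prices, QUEUE, i, fixed=False)
    good = withdraw_queue_value(TOKENS, prices, QUEUE, i, fixed=True)
    return buggy - good


if __name__ == "__main__":
    for label, prices in (("distinct prices", DISTINCT), ("equal prices", EQUAL)):
        for i in range(len(TOKENS)):
            print(f"{label}, i={i}: error = {mispricing(prices, i) / WAD:+.2f}")
```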
#0 - c4-judge
2024-05-16T10:27:00Z
alcueca marked the issue as satisfactory
#1 - c4-judge
2024-05-16T10:39:08Z
alcueca changed the severity to 3 (High Risk)
#2 - c4-judge
2024-05-20T04:26:26Z
alcueca changed the severity to 2 (Med Risk)
#3 - c4-judge
2024-05-23T13:47:20Z
alcueca changed the severity to 3 (High Risk)
🌟 Selected for report: t0x1c
Also found by: 0xCiphky, 0xDemon, Bauchibred, DanielArmstrong, FastChecker, MSaptarshi, Maroutis, NentoR, Ocean_Sky, PNS, Rhaydden, SBSecurity, Shaheen, Tigerfrake, ZanyBonzy, atoko, btk, carlitox477, crypticdefense, honey-k12, hunter_w3b, ilchovski, jokr, ladboy233, rbserver, twcctop, umarkhatab_465
1.479 USDC - $1.48
Users may get fewer tokens than expected when depositing to the RestakeManager contract.
The deposit function in RestakeManager deposits a collateral token to the contract and mints ezETH to the user. The deposit function doesn't have slippage protection, so the user can get fewer tokens than expected.
    ...
    uint256 ezETHToMint = renzoOracle.calculateMintAmount(
        totalTVL,
        collateralTokenValue,
        ezETH.totalSupply()
    );
    // Mint the ezETH
    ezETH.mint(msg.sender, ezETHToMint);
manual
Add slippage protection to the deposit function. The user should be able to set a minimum amount of ezETH to mint when depositing to the contract.
Invalid Validation
#0 - c4-judge
2024-05-17T13:28:55Z
alcueca marked the issue as satisfactory