Back to wen's contests

Asymmetry contest - wen's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Findings Distribution

Researcher Performance

Rank: 125/246

Findings: 3

Award: $24.06

QA:
grade-b
Gas:
grade-b

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAsymmetry Finance

Findings Information

🌟 Selected for report: HHK

Also found by: 019EC6E2, 0Kage, 0x52, 0xRobocop, 0xTraub, 0xbepresent, 0xepley, 0xfusion, 0xl51, 4lulz, Bahurum, BanPaleo, Bauer, CodeFoxInc, Dug, HollaDieWaldfee, IgorZuk, Lirios, MadWookie, MiloTruck, RedTiger, Ruhum, SaeedAlipoor01988, Shogoki, SunSec, ToonVH, Toshii, UdarTeam, Viktor_Cortess, a3yip6, auditor0517, aviggiano, bearonbike, bytes032, carlitox477, carrotsmuggler, chalex, deliriusz, ernestognw, fs0c, handsomegiraffe, igingu, jasonxiale, kaden, koxuan, latt1ce, m_Rassska, n1punp, nemveer, nowonder92, peanuts, pontifex, roelio, rvierdiiev, shalaamum, shuklaayush, skidog, tank, teddav, top1st, ulqiorra, wait, wen, yac

Awards

0.1353 USDC - $0.14

Labels

bug
3 (High Risk)
satisfactory
duplicate-142

External Links

Link to GitHub issue

Lines of code

https://github.com/NaryaAI/2023-03-c4-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L240

Vulnerability details

Impact

The price of Reth in ETH can be manipulated by flashloan. An attacker can exploit this fact to steal funds from other stakers.

Proof of Concept

https://github.com/NaryaAI/2023-03-c4-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L240

    /**
        @notice - Price of derivative in liquidity pool
     */
    function poolPrice() private view returns (uint256) {
        address rocketTokenRETHAddress = RocketStorageInterface(
            ROCKET_STORAGE_ADDRESS
        ).getAddress(
                keccak256(
                    abi.encodePacked("contract.address", "rocketTokenRETH")
                )
            );
        IUniswapV3Factory factory = IUniswapV3Factory(UNI_V3_FACTORY);
        IUniswapV3Pool pool = IUniswapV3Pool(
            factory.getPool(rocketTokenRETHAddress, W_ETH_ADDRESS, 500)
        );
        (uint160 sqrtPriceX96, , , , , , ) = pool.slot0(); // (1)
        return (sqrtPriceX96 * (uint(sqrtPriceX96)) * (1e18)) >> (96 * 2);
    }

At (1), the function fetches the slot0.sqrtPriceX96 of the pool which shows the current price without any historical price information.

This value can be manipulated by an attacker through flashloan. For example, an attacker can (1) Use flashloan to get a large amount of WETH from any pool. (2) Add liquidity to the rETH-WTH pool at a large tick range (e.g., 29000 ~ 29010) (3) Swap all the WETH through the rETH-WTH pool Then the current price of rETH in the pool will be dramatically increased, which will affect the stake() function (if totalSupply is 0, the attacker can gain many more safETH than being supposed to).

Tools Used

Use TWAP instead of the current price (see https://docs.uniswap.org/contracts/v3/reference/core/libraries/Oracle).

#0 - c4-pre-sort

2023-04-04T11:19:28Z

0xSorryNotSorry marked the issue as duplicate of #601

#1 - c4-judge

2023-04-21T16:14:56Z

Picodes marked the issue as satisfactory

#2 - c4-judge

2023-04-21T16:15:31Z

Picodes marked the issue as duplicate of #1125

#3 - c4-judge

2023-04-21T16:15:31Z

Picodes marked the issue as duplicate of #1125

Findings Information

🌟 Selected for report: brgltd

Also found by: 0x3b, 0xAgro, 0xGusMcCrae, 0xNorman, 0xRajkumar, 0xSmartContract, 0xTraub, 0xWagmi, 0xWaitress, 0xffchain, 0xhacksmithh, 0xkazim, 0xnev, 3dgeville, ArbitraryExecution, Aymen0909, BRONZEDISC, Bason, Bloqarl, BlueAlder, Brenzee, CodeFoxInc, CodingNameKiki, Cryptor, DadeKuma, DevABDee, Diana, Dug, Englave, Gde, Haipls, HollaDieWaldfee, Ignite, Infect3d, Jerry0x, Josiah, Kaysoft, Koko1912, KrisApostolov, Lavishq, LeoGold, Madalad, PNS, Rappie, RaymondFam, RedTiger, Rickard, Rolezn, Sathish9098, SunSec, T1MOH, UdarTeam, Udsen, Viktor_Cortess, Wander, adriro, ak1, alejandrocovrr, alexzoid, arialblack14, ayden, bin2chen, brevis, btk, c3phas, carlitox477, catellatech, ch0bu, chaduke, ck, climber2002, codeslide, descharre, dingo2077, ernestognw, fatherOfBlocks, favelanky, georgits, helios, hl_, inmarelibero, juancito, ks__xxxxx, lopotras, lukris02, m_Rassska, mahdirostami, maxper, nadin, navinavu, nemveer, p_crypt0, peanuts, pipoca, pixpi, qpzm, rbserver, reassor, roelio, rotcivegaf, scokaf, siddhpurakaran, slvDev, smaul, tnevler, tsvetanovv, turvy_fuzz, vagrant, wen, yac, zzzitron

Awards

13.1298 USDC - $13.13

Labels

bug
grade-b
low quality report
QA (Quality Assurance)
sponsor acknowledged
Q-69

External Links

Link to GitHub issue

1. Unnecessary loop in addDerivative()

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L182

addDerivative() function doesn’t need to have a for loop for updating totalWeight. totalWeight could just be increased by _weight.

2. Unnecessary loop in rebalanceToWeights()

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L138

In the rebalanceToWeights() function, the second loop checks ethAmountToRebalance == 0 every time. If ethAmountToRebalance is 0, no need to have the second loop. So this check could be moved to before the second loop.

#0 - c4-pre-sort

2023-03-31T12:12:47Z

0xSorryNotSorry marked the issue as low quality report

#1 - c4-sponsor

2023-04-10T18:49:12Z

toshiSat marked the issue as sponsor acknowledged

#2 - c4-judge

2023-04-24T17:46:10Z

Picodes marked the issue as grade-b

Findings Information

🌟 Selected for report: Rolezn

Also found by: 0x3b, 0xGordita, 0xSmartContract, 0xhacksmithh, 0xnev, 0xpanicError, 4lulz, Angry_Mustache_Man, ArbitraryExecution, Aymen0909, Bason, BlueAlder, EvanW, Franfran, HHK, Haipls, IgorZuk, JCN, KrisApostolov, Madalad, MiksuJak, MiniGlome, RaymondFam, ReyAdmirado, Rickard, Sathish9098, Udsen, adriro, alexzoid, anodaram, arialblack14, c3phas, carlitox477, ch0bu, chaduke, codeslide, d3e4, dicethedev, ernestognw, fatherOfBlocks, georgits, hunter_w3b, inmarelibero, lukris02, mahdirostami, maxper, pavankv, pixpi, rotcivegaf, smaul, tank, tnevler, wen, yac

Awards

10.7864 USDC - $10.79

Labels

bug
G (Gas Optimization)
grade-b
sponsor acknowledged
G-25

External Links

Link to GitHub issue

1. stake() function reads derivativeCount twice.

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L71 https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L84

2. rebalanceToWeights() function reads derivativeCount twice.

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L140 https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L147

3. addDerivative() function reads derivativeCount twice.

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L182

4. setPauseStaking() could emit local variable(_pause) instead of storage variable(pauseStaking).

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L234

5. setPauseUnstaking() could emit local variable(_pause) instead of storage variable(pauseUnstaking).

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L243

#0 - c4-sponsor

2023-04-10T19:02:04Z

toshiSat marked the issue as sponsor acknowledged

#1 - c4-judge

2023-04-23T18:56:07Z

Picodes marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter