Sum of total staked ETH on SafEth
is not always equal to msg.value, which will lead to stuck ether on vault
#252
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-152
low quality report
This report is of especially low quality
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L88
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L95
Vulnerability details
Impact
Because of rounding errors on
SafEth.stake
, the total ether amount passed to derivative contracts will not always be equal tomsg.value
. As a result, some ether will be stuck on theSafEth
contract.Proof of Concept
1 ether
msg.value/3
etherSafEth
ether will be stuck with 1 weiTools Used
Manual review
Recommended Mitigation Steps
Refund the user back with the amount of ether that was not used to fund the derivative contracts.
The text was updated successfully, but these errors were encountered: