Remaining dust from Ether deposits is not returned to users #455
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-152
high quality report
This report is of especially high quality
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Comments
code423n4
added
2 (Med Risk)
c4-pre-sort
added
the
high quality report
|
0xSorryNotSorry marked the issue as high quality report |
c4-pre-sort
added
the
primary issue
|
0xSorryNotSorry marked the issue as primary issue |
This was referenced Apr 4, 2023
|
This will result in more gas spent by user to recover dust therefore resulting in a lower ETH balance overall. |
|
toshiSat marked the issue as sponsor disputed |
c4-sponsor
added
the
sponsor disputed
c4-judge
added
duplicate-152
and removed
primary issue
|
Picodes marked issue #152 as primary and marked this issue as a duplicate of 152 |
|
Picodes marked the issue as satisfactory |
c4-judge
added
the
satisfactory
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/SafEth.sol#L88
Vulnerability details
When users stake Ether, some dust is left from the calculations corresponding to the Ether that has to be deposited for each derivative. This is due to some precision loss when calculating the weighted amounts.
Impact
Users lose the Ether dust that is not being used for staking. The dust is locked on the
SafEthcontract.Proof of Concept
There is some precision loss in line 88:
uint256 ethAmount = (msg.value * weight) / totalWeight;Each weighted
ethAmountis deposited for each derivative, but the sum of all those amounts is less than themsg.value. That dust is left on the contract and not returned to the user.Link to code
Test
Add the following test to the
describe("Af Strategy")intest/SafEth.test.tsto prove that Ether dust is locked in the contract:Tools Used
Manual review
Recommended Mitigation Steps
Return the Ether dust not used for staking to the user:
// File: contracts/SafEth.sol function stake() external payable { // ... uint256 totalStakeValueEth = 0; // total amount of derivatives worth of ETH in system + uint256 totalValueEth = 0; for (uint i = 0; i < derivativeCount; i++) { uint256 weight = weights[i]; IDerivative derivative = derivatives[i]; if (weight == 0) continue; uint256 ethAmount = (msg.value * weight) / totalWeight; + totalValueEth += ethAmount; // This is slightly less than ethAmount because slippage uint256 depositAmount = derivative.deposit{value: ethAmount}(); uint derivativeReceivedEthValue = (derivative.ethPerDerivative( depositAmount ) * depositAmount) / 10 ** 18; totalStakeValueEth += derivativeReceivedEthValue; } // mintAmount represents a percentage of the total assets in the system uint256 mintAmount = (totalStakeValueEth * 10 ** 18) / preDepositPrice; - _mint(msg.sender, mintAmount); - emit Staked(msg.sender, msg.value, mintAmount); + _mint(totalValueEth, mintAmount); + uint256 dust = msg.value - totalValueEth; + (bool sent, ) = address(msg.sender).call{value: dust}(""); + require(sent, "Failed to send Ether"); + emit Staked(msg.sender, totalValueEth, mintAmount); }The text was updated successfully, but these errors were encountered: