Kirkeelee - Wrong accounting in case of using stETH as RA due to 1-2 Wei loss per transfer. #133

Closed
sherlock-admin3 opened this issue Sep 10, 2024 · 0 comments
Labels: Duplicate, Medium, Reward

sherlock-admin3 commented Sep 10, 2024

Kirkeelee

Medium

Wrong accounting in case of using stETH as RA due to 1-2 Wei loss per transfer.

Summary

The protocol intends to allow usage of stETH as a pegged asset or even as a redemption asset per the litepaper, but doesn't consider an edge case in its transfer mechanism, which would lead to a discrepancy between the accounting balance and the actual token balance.

Vulnerability Detail

There is a known issue with stETH that the actual transferred amount can be 1-2 Wei less due to rounding in balance calculations.
This will cause issues in the accounting of the current protocol if stETH is used as a redemption asset (RA).
All the RA deposits into the PSM are kept in the `locked` variable, and the amount assigned to this variable is taken directly from the amount that the user calls with. The actual amount transferred will be 1-2 Wei less due to the above issue.
Therefore the `locked` variable will be assigned a larger amount than the actual contract balance, which will lead to issues when redeeming, converting to free, etc. Negative or positive rebasing of stETH will also influence the contract balance, which will lead to additional issues.

Impact

Potential DoS due to the wrong assumption of holdings.

Code Snippet

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/libraries/RedemptionAssetManagerLib.sol#L32-L35

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/libraries/PsmLib.sol#L84-L108

Tool used

Manual Review

Recommendation

Balance checks before and after transfers can be done, but they will complicate the flow. Therefore it is better not to use stETH as RA and to use wstETH instead.

Duplicate of #235

@github-actions github-actions bot added the Duplicate and Medium labels Sep 14, 2024
@sherlock-admin3 sherlock-admin3 changed the title from "Virtual Tawny Newt - Wrong accounting in case of using stETH as RA due to 1-2 Wei loss per transfer." to "Kirkeelee - Wrong accounting in case of using stETH as RA due to 1-2 Wei loss per transfer." Sep 25, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Sep 25, 2024
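
The accounting drift described in this report, as an added example that is not part of the original issue and is neither Lido's nor the audited protocol's code. It is a simplified Python model of a share-based rebasing token; the class, the function names and the pool numbers are constructed assumptions. It compares a `locked` counter fed with the requested amount against one fed with the measured balance delta.

```python
# Simplified model of a share-based rebasing token (stETH-style).
# All names and numbers are constructed for illustration.
ETHER = 10**18
USER, VAULT = "user", "vault"


class RebasingToken:
    def __init__(self, total_pooled, total_shares):
        self.total_pooled = total_pooled  # wei backing all shares
        self.total_shares = total_shares
        self.shares = {USER: total_shares // 2, VAULT: 0}

    def balance_of(self, who):
        # Balances are derived from shares and rounded down.
        return self.shares[who] * self.total_pooled // self.total_shares

    def transfer(self, src, dst, amount):
        # The amount is converted to shares (rounded down) and shares move.
        n = amount * self.total_shares // self.total_pooled
        if n > self.shares[src]:
            raise ValueError("insufficient balance")
        self.shares[src] -= n
        self.shares[dst] += n

    def rebase(self, bps):
        # Positive or negative rebase: pooled ether changes, shares do not.
        self.total_pooled = self.total_pooled * (10_000 + bps) // 10_000


def simulate(measured, deposits=10, rebase_bps=0):
    """Return (locked, actual vault balance) after `deposits` 1-ether deposits."""
    token = RebasingToken(total_pooled=1_200_000 * ETHER, total_shares=1_000_000 * ETHER)
    locked = 0
    for _ in range(deposits):
        before = token.balance_of(VAULT)
        token.transfer(USER, VAULT, ETHER)
        received = token.balance_of(VAULT) - before
        # Naive accounting trusts the requested amount; measured uses the delta.
        locked += received if measured else ETHER
    if rebase_bps:
        token.rebase(rebase_bps)
    return locked, token.balance_of(VAULT)


if __name__ == "__main__":
    for label, measured in (("naive", False), ("balance-delta", True)):
        locked, actual = simulate(measured)
        print(f"{label:14} locked={locked} actual={actual} shortfall={locked - actual}")
    locked, actual = simulate(True, rebase_bps=-100)
    print(f"after -1% rebase: locked={locked} actual={actual}")
```

The measured variant removes the per-transfer shortfall, but a rebase still moves the actual balance away from `locked`, which is the second concern the report raises.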