DittoETH

Summary

The protocol mistakenly assumes a static 1:1 conversion ratio between stETH and ETH, which is not accurate in real-world market conditions. This incorrect assumption can lead to potential financial discrepancies and can expose the protocol to arbitrage opportunities.

Vulnerability Details

The DittoEth protocol uses the function rocketETHToken.getEthValue(amount) to determine the rETH/ETH conversion rate. However, it assumes that stETH and ETH always maintain a 1:1 conversion ratio. This assumption is proven false by real-world market data, as evidenced by data from CoinMarketCap. For instance, the stETH to ETH conversion rate was recently observed (September 18, 2023) to be 0.9866 ETH, and historical data indicates that this rate has varied between 1.0909 to 0.9262.

Failing to accurately account for the dynamic stETH/ETH conversion rate can lead to imprecise conversions and can expose the protocol to potential financial vulnerabilities.

Impact

Financial Discrepancies: Users might either overpay or underpay when interacting with the protocol, leading to potential financial losses or gains.
Arbitrage Opportunities: Malicious actors might exploit the discrepancy in conversion rates to gain undue profit.
Loss of Trust: Such inaccuracies can erode user trust in the DittoEth protocol, potentially leading to reduced user engagement.
Imbalance in Protocol Reserves: The protocol might hold more of one asset than it should, leading to potential liquidity issues.

Tools Used

• Manual review

• External Data Source: CoinMarketCap

Recommendations

Dynamic Price Feed: Integrate a reliable and dynamic price feed for the stETH/ETH conversion rate. This can be sourced from reputable oracles or decentralized price feed platforms.

Fallback Mechanism: Implement a fallback mechanism that can be triggered if the stETH/ETH conversion rate deviates significantly from 1:1. This can be a manual override or an automated adjustment based on trusted data sources.