Loss of Funds due to Ignored ETH to ZETH Conversion Rate in depositEth Function
Summary
The depositEth() function doesn’t consider the actual ETH to ZETH conversion rate, always assuming a 1:1 ratio. This can lead to users incurring losses when withdrawing funds due to the potential difference in conversion rates.
Vulnerability Details
The function depositEth calculates zeth amount received from deposited eth based on a fixed 1 ETH = 1 ZETH ratio.
If users withdraw their funds, a discrepancy in conversion rates at the time of deposit and withdrawal can lead to loss of funds for users.
For example :
A user deposits 1 ETH via the depositEth function.
The real conversion rate is 1 ETH = 1.2 ZETH at the time of deposit. The user receives 1 ZETH instead of 1.2 ZETH.
Let's say the user changes his mind and wants to withdraw back. When the user decides to withdraw, the function uses the correct conversion rate.
The user would expect to get back 1 ETH for 1 ZETH (because that’s what they received when they deposited 1 ETH).
When withdrawing 1 ZETH, due to the correct conversion rate being applied now, the user gets back only 0.80 ETH.
The user incurs a loss of 0.2 ETH due to the flawed assumption in the deposit function.
Impact
Loss of funds for the user.
Tools Used
Manual Review
Recommendations
Use the _ethConversion function in depositEth to assign ZETH accurately based on the real-time conversion rate to ensure the correct amount of ZETH is allocated to users during deposit.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.