DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

wrong assumption that 1 Zeth = 1 Eth

0xepley

Summary

The protocol is being developed by assuming that 1 Zeth = 1 Eth which is very dangerous.

Vulnerability Details

In the function depositEth() we can see the comment written that the developer is assuming that // Assumes 1 ETH = 1 ZETH. It is very dangerous to assume that something is exactly equal to something else like in this case it is 1 ETH = 1 ZETH

Although in the docs this issue is mentioned and the devs tried very hard approach to face this issue but still it is not fully prevented, what if zeth depegs and user calls the function depositEth. In this function user is sending eth assuming that the value of zeth == eth

Impact

System could face alot of trouble and loss of believing that 1 zeth = 1 eth.

Tools Used

Manual Review

Recommendations

Do not assume that 1 eth = 1 zeth

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-579

nabeel Submitter

over 1 year ago

T1MOH Auditor

over 1 year ago

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Assigned finding tags:

finding-579

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.