DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

minimum deposit should be checked based on zethAmount

chainnue

Summary

minimum deposit should be checked based on zethAmount, because comparing Constants.MIN_DEPOSIT with amount and msg.value may not be equal price. thus the minimum constraint here is different.

Vulnerability Details

In BridgeRouter when deposit through deposit() and depositEth() there is a minimum amount check as following:

if (amount < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

if (msg.value < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

this assume the amount and msg.value does have same value vector (assuming ETH and LST is 1:1). But that's not always true.

Rather than comparing the minimum with the input amount or msg.value, it's understandable to
check or compare with zethAmount returned from the amount or msg.value converted.

Impact

Different minimum amount of zeth for deposit via deposit() or depositEth()

Tools Used

Manual analysis

Recommendations

The check should be using the converted zeth amount rather than amount or msg.value inputted

File: BridgeRouterFacet.sol

46: function deposit(address bridge, uint88 amount)

47: external

48: nonReentrant

49: onlyValidBridge(bridge)

50: {

-- if (amount < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

52: // @dev amount after deposit might be less, if bridge takes a fee

53: uint88 zethAmount = uint88(IBridge(bridge).deposit(msg.sender, amount)); // @dev(safe-cast)

++ if (zethAmount < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

54:

55: uint256 vault;

56: if (bridge == rethBridge || bridge == stethBridge) {

57: vault = Vault.CARBON;

58: } else {

59: vault = s.bridge[bridge].vault;

60: }

61:

62: vault.addZeth(zethAmount);

63: maybeUpdateYield(vault, zethAmount);

64: emit Events.Deposit(bridge, msg.sender, zethAmount);

65: }

67: function depositEth(address bridge)

68: external

69: payable

70: nonReentrant

71: onlyValidBridge(bridge)

72: {

-- if (msg.value < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

74:

75: uint256 vault;

76: if (bridge == rethBridge || bridge == stethBridge) {

77: vault = Vault.CARBON;

78: } else {

79: vault = s.bridge[bridge].vault;

80: }

81:

82: uint88 zethAmount = uint88(IBridge(bridge).depositEth{value: msg.value}()); // Assumes 1 ETH = 1 ZETH

++ if (zethAmount < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

83: vault.addZeth(zethAmount);

84: maybeUpdateYield(vault, zethAmount);

85: emit Events.DepositEth(bridge, msg.sender, zethAmount);

86: }

Updates

Lead Judging Commences

0xnevi Lead Judge about 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-579

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!