DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

incorrect equality

Summary

incorrect equality

Vulnerability Details

"Incorrect Equality" is found in the depositEth function of the contract. The issue lies in the comparison of netBalance with zero. After depositing ETH and minting rETH, the function checks if the net balance of rETH is zero. If it is, the function reverts with a NetBalanceZero error. However, this check could lead to unexpected behavior if the deposit function in the rocketDepositPool contract does not behave as expected. For instance, if the deposit function fails silently and does not revert the transaction, or if it does not update the balance of rETH correctly, the netBalance could be zero even though the deposit was intended to be successful. This would cause the depositEth function to revert even though ETH was sent to the contract. This vulnerability could potentially lock up user funds or disrupt the normal operation of the contract.

Tools Used

VS Code

Recommendations

To resolve this issue, I recommend adding additional checks and error handling to ensure the deposit function in the rocketDepositPool contract behaves as expected.

Firstly, you could add a check to ensure that the deposit function does not fail silently. This could be done by having the deposit function return a boolean value indicating success or failure, which can then be checked in the depositEth function. If the deposit function fails, the depositEth function should revert with an appropriate error message.

Secondly, you could add a check to ensure that the balance of rETH is updated correctly after the deposit. This could be done by comparing the expected new balance of rETH (i.e., the original balance plus the deposited amount) with the actual new balance. If the two do not match, the depositEth function should revert with an appropriate error message.

By adding these additional checks and error handling, you can ensure that the depositEth function behaves as expected and does not revert unexpectedly, thereby preventing potential disruption to the normal operation of the contract and potential loss of user funds.
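
The balance-delta check described under Vulnerability Details, as an added sketch that is not DittoETH's code and not part of the submission. Only `depositEth`, `netBalance` and `NetBalanceZero` come from the text; the interfaces, `credited`, and the `SilentPool` mock are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal interfaces (assumed, not taken from the audited code base).
interface IDepositPool { function deposit() external payable; }
interface IRETH { function balanceOf(address account) external view returns (uint256); }

contract RethBridgeSketch {
    error NetBalanceZero();

    IDepositPool public immutable pool;
    IRETH public immutable reth;
    mapping(address => uint256) public credited; // rETH credited per depositor (assumed bookkeeping)

    constructor(IDepositPool _pool, IRETH _reth) {
        pool = _pool;
        reth = _reth;
    }

    function depositEth() external payable returns (uint256 netBalance) {
        uint256 balanceBefore = reth.balanceOf(address(this));

        // A revert inside the pool bubbles up and aborts this call.
        pool.deposit{value: msg.value}();

        // Checked arithmetic (0.8+): a balance that went down reverts here.
        netBalance = reth.balanceOf(address(this)) - balanceBefore;

        // Equality with zero: any positive mint passes, only "nothing minted" fails.
        if (netBalance == 0) revert NetBalanceZero();

        // Credit what was actually received rather than msg.value.
        credited[msg.sender] += netBalance;
    }
}

// Constructed mock of the "fails silently" case: takes ETH, mints nothing, never reverts.
contract SilentPool is IDepositPool, IRETH {
    function deposit() external payable {}
    function balanceOf(address) external pure returns (uint256) { return 0; }
}
```

With `SilentPool` wired in as both pool and token, `depositEth` reverts with `NetBalanceZero`, and the revert unwinds the entire call, including the ETH transfer that accompanied it.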

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
