Depending liquid stacking derivative rETH
can disrupt DittoETH protocol.
Protocol owner on Rocket Pool (rETH protocol), which is controlled through a multi-signature system, can modify the rocketDepositPool address. Such a change would grant infinite minting privileges to the new address.
The rETH mint function is restricted and can only be called by the RocketDepositPool contract.
Source
Total disruption of protocol, new address with infinite minting privileges would swap it's rETH for zETH, being able to adquire all the issued DittoAssets before RPL node operators reach for consensus to account for this increase in supply, which would take time.
Manual review, RPL documentation.
DittoETH governance should be able to stop rETH inflows for zETH before CR of the overall protocol goes below minimumCR, as it is done in the MarketShutdownFacet
.
A potential solution involves caching the rETH supply for every rETH deposit each hour and checking that no significant increase has happened.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.