Use of Incorrect mainnet address for `WSTETH_ETH_CHAINLINK_PRICE_AGGREGATOR`
Summary
The platform uses incorrect address for WSTETH_ETH_CHAINLINK_PRICE_AGGREGATOR which does not correspond to wsteth/eth aggregator
rather it corresponds to stETH-ETH Price Feed.
The constant is defined as following in C.sol which is parent contract for a lot of in-scope contracts
Vulnerability Details
As a matter of fact , chainlink does not have any aggregator at all for wstheth-eth on ethereum mainnet .
https://data.chain.link/feeds/optimism/mainnet/wsteth-eth
It has this feed only for
Optimism
Arbitrum
Scroll
Polygon
For Eth mainnet , it only has the stETh-eth price feed.
Checking out the difference in prices for wstEth and stETH on coin marketcap
https://coinmarketcap.com/currencies/lido-finance-wsteth/
We see as of writing 29 June ,2024 ,
Price of Lido wstETH =$3,965.45
Price of Lido stETH =$$3,383.57
with a huge difference of around 600$ , any calculation that is based on this wrong price is deemed to fail and damage either protocol itself or its users.
Impact
Incorrect price calculations inside
LibWstEThEthOracle.sol, UsdOracle.sol,LibWstEThUsdOracle.sol
which will damage the users or the protocol in the long run
Tools Used
Manual review
Recommendations
Revamp the code according to stEth-Eth logic if you want to deploy on mainnet otherwise change the address of the aggregator for target chains.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.