den_sosnovskyi - IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case #146

Closed
sherlock-admin2 opened this issue Jun 27, 2024 · 6 comments
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout Sponsor Disputed The sponsor disputed this issue's validity

Comments

@sherlock-admin2

sherlock-admin2 commented Jun 27, 2024

den_sosnovskyi

Medium

IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case

Summary

DepositWrapper::deposit will revert if depositing steth.

Vulnerability Detail

stEth has a 1-2 wei corner case, according to which 1-2 wei less will be transferred than expected. After IERC20(steth).safeTransferFrom(sender, wrapper, amount) we call IERC20(steth).safeIncreaseAllowance(wsteth, amount). Because of the loss of 1-2 wei, we will not have 'amount' of steth, we will have 'amount - 1 or 2 wei', so we cannot allow and wrap 'amount' quantity of stEth.

Impact

DepositWrapper::deposit will revert for steth depositing

Code Snippet

https://github.com/sherlock-audit/2024-06-mellow/blob/main/mellow-lrt/src/utils/DepositWrapper.sol#L56-L57
https://github.com/sherlock-audit/2024-06-mellow/blob/main/mellow-lrt/src/utils/DepositWrapper.sol#L35-L39

Tool used

Manual Review

Recommendation

Use transferShares function

Duplicate of #299
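
A simplified model of the share-based rounding the report refers to, added here as an illustration; it is not code from Lido, Mellow or the report, and the class, function names and pool numbers are constructed. It shows how an amount-denominated transfer can credit 1-2 wei less than requested, and how a receiver can measure the balance delta or work in shares instead of relying on the nominal amount.

```python
# Simplified model of share-based (rebasing) accounting as used by stETH.
# Pool totals and amounts are constructed sample values, not on-chain data.

class ShareToken:
    def __init__(self, total_pooled, total_shares):
        self.total_pooled = total_pooled   # pooled ether backing all shares, in wei
        self.total_shares = total_shares
        self.shares = {}                   # account -> shares held

    def shares_for(self, amount):          # amount -> shares, rounds down
        return amount * self.total_shares // self.total_pooled

    def amount_for(self, shares):          # shares -> amount, rounds down
        return shares * self.total_pooled // self.total_shares

    def balance_of(self, account):
        return self.amount_for(self.shares.get(account, 0))

    def transfer_shares(self, src, dst, n):
        if self.shares.get(src, 0) < n:
            raise ValueError("insufficient shares")
        self.shares[src] -= n
        self.shares[dst] = self.shares.get(dst, 0) + n
        return n

    def transfer(self, src, dst, amount):  # amount-denominated, like ERC-20 transfer
        return self.transfer_shares(src, dst, self.shares_for(amount))


def pull_and_measure(token, src, dst, amount):
    """Balance-delta pattern: credit what arrived, not what was requested."""
    before = token.balance_of(dst)
    moved_shares = token.transfer(src, dst, amount)
    return token.balance_of(dst) - before, moved_shares


def demo(amount):
    token = ShareToken(total_pooled=1170, total_shares=1000)  # 1 share = 1.17 wei
    token.shares["sender"] = 500
    received, moved = pull_and_measure(token, "sender", "wrapper", amount)
    # In this model, forwarding the same nominal amount maps to the same share count.
    forward_shares = token.shares_for(amount)
    return {"received": received, "shortfall": amount - received,
            "moved_shares": moved, "forward_shares": forward_shares}


if __name__ == "__main__":
    for a in (100, 7):
        print(a, demo(a))
```

The model assumes no rebase happens between the two conversions; a change in the pool totals between calls would change the share count for the same amount.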

@sherlock-admin2 sherlock-admin2 changed the title Glamorous Boysenberry Wombat - SimpleDVTStakingStrategy::processWithdrawals does not check low level delegateCall response IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case Jun 28, 2024
@sherlock-admin3 sherlock-admin3 added the Sponsor Disputed The sponsor disputed this issue's validity label Jun 30, 2024
@github-actions github-actions bot changed the title IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case Glamorous Boysenberry Wombat - IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case Jul 6, 2024
@github-actions github-actions bot closed this as completed Jul 6, 2024
@github-actions github-actions bot added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 6, 2024
@sherlock-admin3 sherlock-admin3 changed the title Glamorous Boysenberry Wombat - IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case den_sosnovskyi - IERC20(stEth).safeTransferFrom will 1-2 wei less than expected due to the stEth 1-2 wei corner case Jul 15, 2024
@sherlock-admin3 sherlock-admin3 added Non-Reward This issue will not receive a payout and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jul 15, 2024
@recursiveEth

recursiveEth commented Jul 16, 2024

Escalate
The loss of 1-2 WEI is not a low/invalid issue; the same issue has been considered in past audits as well. Thank you.

@sherlock-admin3
Contributor

sherlock-admin3 commented Jul 16, 2024

Escalate
The loss of 1-2 WEI is not a low/invalid issue; the same issue has been considered in past audits as well. Thank you.

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

@sherlock-admin4 sherlock-admin4 added the Escalated This issue contains a pending escalation label Jul 16, 2024
@z3s
Collaborator

z3s commented Jul 16, 2024

#181

@WangSecurity

The escalation on #276 will be the main one for the #299 issue family; this escalation will be rejected since it doesn't have any value and is basically the same one from the same person.

@WangSecurity

Result:
Invalid
Duplicate of #299

@sherlock-admin2 sherlock-admin2 removed the Escalated This issue contains a pending escalation label Jul 19, 2024
@sherlock-admin3 sherlock-admin3 added the Escalation Resolved This issue's escalations have been approved/rejected label Jul 19, 2024
@sherlock-admin4
Contributor

Escalations have been resolved successfully!

Escalation status:
