Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ArsenLupin - _stethToWsteth method revert, resulting in DoS #181

Closed
sherlock-admin4 opened this issue Jun 27, 2024 · 11 comments
Closed

ArsenLupin - _stethToWsteth method revert, resulting in DoS #181

sherlock-admin4 opened this issue Jun 27, 2024 · 11 comments
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout Sponsor Disputed The sponsor disputed this issue's validity

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Jun 27, 2024
edited by WangSecurity
Loading

ArsenLupin

High

_stethToWsteth method revert, resulting in DoS

Summary

stEth::safeTransferFrom could transfer 1-2 less way, which could lead to the function revert because the same amount is passed into the _stethToWsteth method.

Vulnerability Detail

DepositWrapper.sol

if (token == steth) {
IERC20(steth).safeTransferFrom(sender, wrapper, amount);
amount = _stethToWsteth(amount);

Impact

Functionality DoS.

Code Snippet

https://github.com/sherlock-audit/2024-06-mellow/blob/main/mellow-lrt/src/utils/DepositWrapper.sol#L55-L57

Tool used

Manual Review

Recommendation

Use lido recommendation to utilize transferShares function. You could also check the balances (before/after) and take the delta on it.
@sherlock-admin2 sherlock-admin2 changed the title Glamorous Boysenberry Wombat - Vault:: _processLpAmount can revert when total value = zero _stethToWsteth method revert, resulting in DoS Jun 28, 2024
@sherlock-admin3 sherlock-admin3 added the Sponsor Disputed The sponsor disputed this issue's validity label Jun 30, 2024
@github-actions github-actions bot changed the title _stethToWsteth method revert, resulting in DoS Silly Lava Manatee - _stethToWsteth method revert, resulting in DoS Jul 6, 2024
@github-actions github-actions bot closed this as completed Jul 6, 2024
@github-actions github-actions bot added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 6, 2024
@sherlock-admin3 sherlock-admin3 changed the title Silly Lava Manatee - _stethToWsteth method revert, resulting in DoS ArsenLupin - _stethToWsteth method revert, resulting in DoS Jul 15, 2024
@sherlock-admin3 sherlock-admin3 added Non-Reward This issue will not receive a payout and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jul 15, 2024
@Senya123
Copy link

Escalate
It is a valid issue. It is a valid dup of the #299 issue, as well of others dups.
Additionaly, the same issue was found on previous contest, graded as a high issue
sherlock-audit/2024-05-sophon-judging#63

@sherlock-admin3
Copy link
Contributor

Escalate
It is a valid issue. It is a valid dup of the #299 issue, as well of others dups.
Additionaly, the same issue was found on previous contest, graded as a high issue
sherlock-audit/2024-05-sophon-judging#63

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

@sherlock-admin4 sherlock-admin4 added the Escalated This issue contains a pending escalation label Jul 15, 2024
@z3s
Copy link
Collaborator

z3s commented Jul 16, 2024

Can anyone find a tx on etherscan where this happen!? because I checked dozen stETH transfers and non of them have this issue.

@blckhv
Copy link

blckhv commented Jul 16, 2024

https://docs.lido.fi/guides/lido-tokens-integration-guide/#1-2-wei-corner-case
lidofinance/lido-dao#442

@z3s
Copy link
Collaborator

z3s commented Jul 16, 2024

Yeah, etherscan's Transaction Details isn't showing correct info for this issue, I should check event logs.
so depositing stETH get DoSed most of time. I think this submission and it's duplicates should be valid Mediums.

@z3s z3s mentioned this issue Jul 16, 2024
Closed
@Bauchibred Bauchibred mentioned this issue Jul 16, 2024
Closed
This was referenced Jul 16, 2024
Closed
Closed
Closed
@WangSecurity WangSecurity mentioned this issue Jul 17, 2024
Closed
@WangSecurity
Copy link

Firstly, advice for all in this issue, if your issue is invalid and its grouped into the family, like this one with #299 being the main report, please escalate the main report.

Secondly, about the escalation. I believe this issue is not sufficient to be a valid duplicate, since it doesn't identify the root cause (why there would be 1-2 wei less?), doesn't identify a medium severity impact (functionality DOS by itself is not medium), and doesn't have a valid vulnerability or attack path.

I'll review #299 if it's indeed a valid issue, but this escalation will be rejected and deduped if #299 is valid.

@WangSecurity
Copy link

For everyone interested in #299 being valid, please look at discussion under #276 issue.

@Senya123
Copy link

@WangSecurity could you please explain why my issue is not sufficient duplicate, if it explains the same bug?

After looking deeper into #181, I see it's not a sufficient duplicate, hence, the escalation there will be rejected either way. Hence, I'll make this escalation as the main one for #299 issue family.
Plan to accept the escalation and leave the issue as it is.

@WangSecurity
Copy link

Based on my comment here:

Secondly, about the escalation. I believe this issue is not sufficient to be a valid duplicate, since it doesn't identify the root cause (why there would be 1-2 wei less?), doesn't identify a medium severity impact (functionality DOS by itself is not medium), and doesn't have a valid vulnerability or attack path.

The report doesn't qualify for the Duplication Requirements

The decision remains the same, planning to reject the escalation and de-dup this issue in case #299 becomes valid.

@WangSecurity
Copy link

Result:
Invalid
Unique

@sherlock-admin2 sherlock-admin2 removed the Escalated This issue contains a pending escalation label Jul 19, 2024
@sherlock-admin3 sherlock-admin3 added the Escalation Resolved This issue's escalations have been approved/rejected label Jul 19, 2024
@sherlock-admin4
Copy link
Contributor Author

Escalations have been resolved successfully!

Escalation status:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout Sponsor Disputed The sponsor disputed this issue's validity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@Senya123 @z3s @blckhv @WangSecurity @sherlock-admin2 @sherlock-admin3 @sherlock-admin4