0x73696d616f - Rebasing tokens are not supported contrary to the readme and will lead to loss of funds #235
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
Medium: A Medium severity issue.
Reward: A payout will be made for this issue
Sponsor Disputed: The sponsor disputed this issue's validity
Won't Fix: The sponsor confirmed this issue will not be fixed
0x73696d616f
Medium
Summary
The readme states that rebasing tokens are supported. However, only non-rebasing tokens such as the wrapped version wsteth are supported. If stETH is used, it will accrue value in the Psm and Vault (technically they are the same contract), which will be left untracked as Ra and Pa deposits are tracked in state variables.
Root Cause
The code does not handle rebasing tokens even though the readme says it does. The exchange rate mechanism only supports non-rebasing tokens such as wsteth.
Internal pre-conditions
None.
External pre-conditions
None.
Attack Path
Admin creates steth pairs using it as Ra or Pa, whose value will grow in the protocol but be left untracked as the quantities are tracked with state variables.
Impact
Stuck yield accrual in the Vault/Psm contracts.
PoC
State.sol tracks the balances:
Mitigation
Don't set rebasing tokens as Ra or Pa or implement a way to sync the balances.
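The accounting gap described in this report, and the balance-sync mitigation, as an added Python model; it is not code from the report or from the audited contracts. RebasingToken, TrackedVault, the "alice" and "vault" account names and the 5% reward are constructed for illustration.

```python
# Added model, not the audited contracts: stETH-style rebasing token + hypothetical vault.
class RebasingToken:
    def __init__(self, holder, supply):  # initial supply is minted 1:1 to holder
        self.shares, self.total_shares, self.total_pooled = {holder: supply}, supply, supply

    def balance_of(self, who):  # shares valued at the current pool size
        return self.shares.get(who, 0) * self.total_pooled // self.total_shares

    def _to_shares(self, amount):
        return amount * self.total_shares // self.total_pooled

    def transfer(self, src, dst, amount):
        moved = self._to_shares(amount)
        if self.shares.get(src, 0) < moved:
            raise ValueError("insufficient balance")
        self.shares[src] -= moved
        self.shares[dst] = self.shares.get(dst, 0) + moved

    def rebase(self, rewards):  # every balance grows, no transfer occurs
        self.total_pooled += rewards

class TrackedVault:
    def __init__(self, token):
        self.token, self.tracked = token, 0  # state variable, blind to rebases

    def deposit(self, user, amount):
        self.token.transfer(user, "vault", amount)
        self.tracked += amount

    def withdraw(self, user, amount):
        if amount > self.tracked:
            raise ValueError("exceeds tracked balance")
        self.tracked -= amount
        self.token.transfer("vault", user, amount)

    def sync(self):  # mitigation sketch: adopt the real token balance
        self.tracked = self.token.balance_of("vault")

def scenario(unit=10**18):
    vault = TrackedVault(RebasingToken("alice", 100 * unit))
    vault.deposit("alice", 100 * unit)
    vault.token.rebase(5 * unit)               # constructed 5% reward
    vault.withdraw("alice", vault.tracked)     # all the accounting allows
    stuck = vault.token.balance_of("vault")    # yield no one can claim
    vault.sync()
    return stuck, vault.tracked
```

After the full tracked amount is withdrawn, the vault still holds the rebase reward; only the sync step makes it visible to the accounting again.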