- Total Prize Pool: $15,000 USDC
- Warden guidelines for C4 mitigation reviews
- Submit findings using the C4 form
- Starts May 4, 2023 20:00 UTC
- Ends May 8, 2023 20:00 UTC
Each warden must submit a mitigation review for every in-scope High and Medium finding from the parent contest. Incomplete mitigation reviews will not be eligible for awards.
Mitigations of all High and Medium issues will be considered in-scope and listed here.
- H-01: An attacker can manipulate the preDepositvePrice to steal from other users.
- H-04: Price of sfrxEth derivative is calculated incorrectly.
- H-08: Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit).
- M-10: Stuck ether when use function stake with empty derivatives (derivativeCount = 0)
- M-11: Residual ETH unreachable and unutilized in SafEth.sol
Most of the mitigations I feel are self-explanatory.
The one exception is H-04. I would like extra attention towards that one because we are assuming 1:1 but are reverting if the CRV pool is depegged. I think there could be a better solution, but it seems that we had many issues that had separate solutions, one being adding a Chainlink oracle, which doesn't exist.
| Reason | Issue |
|---|---|
| We will be manually holding safETH to prevent this, if not redeploy | M-03 |
| This is as expected | M-06 |
| Will need a black swan event to happen and will upgrade rebalanceToWeights later to handle this | M-07 |