• Total Prize Pool: $15,000 USDC
• Warden guidelines for C4 mitigation reviews
• Submit findings using the C4 form
• Starts May 4, 2023 20:00 UTC
• Ends May 8, 2023 20:00 UTC

Each warden must submit a mitigation review for every in-scope High and Medium finding from the parent contest. Incomplete mitigation reviews will not be eligible for awards.

Mitigations of all High and Medium issues will be considered in-scope and listed here.

• H-01: An attacker can manipulate the preDepositvePrice to steal from other users.

• H-02: A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

• H-03: Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed.

• H-04: Price of sfrxEth derivative is calculated incorrectly.

• H-05: Reth poolPrice calculation may overflow.

• H-06: WstEth derivative assumes a ~1=1 peg of stETH to ETH.

• H-07: Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol.

• H-08: Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit).

• M-01: Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

• M-02: sFrxEth may revert on redeeming non-zero amount

• M-04: Lack of deadline for uniswap AMM

• M-05: Missing derivative limit and deposit availability checks will revert the whole stake() function

• M-08: Possible DoS on unstake()

• M-09: Non-ideal rETH/WETH pool used pays unnecessary fees

• M-10: Stuck ether when use function stake with empty derivatives(derivativeCount = 0)

• M-11: Residual ETH unreachable and unuitilized in SafEth.sol

• M-12: No slippage protection on stake() in SafEth.sol

Most of the mitigations I feel are self explanatory.

The one exception is H-04, I would like extra attention towards that one because we are assuming 1:1 but are reverting if the CRV pool is depegged. I think there could be a better solution, but it seems that we had many issues that had separate solutions, one being adding a chainlink oracle, which doesn't exist.