First Deposit Can be frontrun to make amount minted round down to zero

[c4-submissions]

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/LRTDepositPool.sol#L95-L110

Vulnerability details

Impact

First Deposit Can be frontrun to make amount minted round down to zero, which means the attacker gets 100% of the victims deposit contributed to the rsEth exchange rate.

Proof of Concept

When deposit is called when there are already pre-existing deposits, the conversion rate is totalETHInPool / rsEthSupply

When an intial deposit is sent to the pool, this can be front run by:

1. Alice mints 1 rsEth
2. Alice sends a large eth deposit directly into a contract that is accounted for in totalETHInPool such that totalETHInPool / rsEthSupply is greater than amount * lrtOracle.getAssetPrice(asset) of the victim's deposit
3. The victims deposit goes in.
4. totalETHInPool / rsEthSupply is greater than amount * lrtOracle.getAssetPrice(asset)
5. Therefore the amount minted rounds down to zero.

Therefore zero shares are minted for the victim, and will result in a greater share of the pool for the attacker, since they still have 100% rsEth, and a boosted conversion rate, which still applies for future deposits. When withdrawals are implemented, this also means they can withdraw the entire victims deposit and whatever assets they sent directly to the contract.

Tools Used

Manual Review

Recommended Mitigation Steps

Use internal accounting which tracks deposits and withdrawals rather than balanceOf

Assessed type

Math

[c4-pre-sort]

raymondfam marked the issue as sufficient quality report

[c4-pre-sort]

raymondfam marked the issue as duplicate of #42

[c4-judge]

fatherGoose1 marked the issue as satisfactory