Asymmetry - Mitigation Review Contest

A protocol to help diversify and decentralize liquid staking derivatives.

  • Start date4 May 2023
  • End date8 May 2023
  • Total awards$15,000 USDC
  • Duration4 days

Asymmetry - Mitigation Review contest details

Important note

Each warden must submit a mitigation review for every in-scope High and Medium finding from the parent contest. Incomplete mitigation reviews will not be eligible for awards.

Findings being mitigated

Mitigations of all High and Medium issues will be considered in-scope and listed here.

Overview of changes

Most of the mitigations I feel are self explanatory.

The one exception is H-04, I would like extra attention towards that one because we are assuming 1:1 but are reverting if the CRV pool is depegged. I think there could be a better solution, but it seems that we had many issues that had separate solutions, one being adding a chainlink oracle, which doesn't exist.

Mitigations to be reviewed

URLMitigation ofPurpose internal accounting to get the balance't get rETH from pool on deposits Derivatives protect against oracle attacks we assume FRX is 1:1 with ETH and revert if the oracle says otherwise since there is no chainlink for FRX Chainlink to get price instead of poolPrice Chainlink to get price instead of assuming 1:1 if withdraw from deposit contract possible Chainlink to get price instead of poolPrice't divide before multiply it by enable/disable derivatives swapTo/swapFrom directly from rocketpool it by enable/disable derivatives Chainlink to get rETH derivativeCount on stake entire balance for rebalance in minAmount

Out of Scope

We will be manually holding safETH to prevent this, if not redeployM-03
This is as expectedM-06
Will need a black swan event to happen and will upgrade rebalanceToWeights later to handle thisM-07