Asymmetry - Mitigation Review Contest
A protocol to help diversify and decentralize liquid staking derivatives.
- Start date4 May 2023
- End date8 May 2023
- Total awards$15,000 USDC
- Duration4 days
- Details
Asymmetry - Mitigation Review contest details
- Total Prize Pool: $15,000 USDC
- Warden guidelines for C4 mitigation reviews
- Submit findings using the C4 form
- Starts May 4, 2023 20:00 UTC
- Ends May 8, 2023 20:00 UTC
Important note
Each warden must submit a mitigation review for every in-scope High and Medium finding from the parent contest. Incomplete mitigation reviews will not be eligible for awards.
Findings being mitigated
Mitigations of all High and Medium issues will be considered in-scope and listed here.
-
H-01: An attacker can manipulate the preDepositvePrice to steal from other users.
-
H-04: Price of sfrxEth derivative is calculated incorrectly.
-
H-08: Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit).
-
M-10: Stuck ether when use function stake with empty derivatives(derivativeCount = 0)
-
M-11: Residual ETH unreachable and unuitilized in SafEth.sol
Overview of changes
Most of the mitigations I feel are self explanatory.
The one exception is H-04, I would like extra attention towards that one because we are assuming 1:1 but are reverting if the CRV pool is depegged. I think there could be a better solution, but it seems that we had many issues that had separate solutions, one being adding a chainlink oracle, which doesn't exist.
Mitigations to be reviewed
Out of Scope
| Reason | Issue |
|---|---|
| We will be manually holding safETH to prevent this, if not redeploy | M-03 |
| This is as expected | M-06 |
| Will need a black swan event to happen and will upgrade rebalanceToWeights later to handle this | M-07 |