wrong address used in the comment #18

Closed
code423n4 opened this issue Jun 24, 2023 · 5 comments
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
grade-c
low quality report: This report is of especially low quality
primary issue: Highest quality submission among a set of duplicates
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/dc901a3560b71ed2376feb6418b3d81e3d067fb9/contracts/lybra/pools/LybraWbETHVault.sol#L15-L18

Vulnerability details

Impact

Wrong address comment used.
The WBETH token address in the comment is assigned to this address: 0xae78736Cd615f374D3085123A210448E74Fc6393,
while searching for the address on the blockchain, the address is assigned to rETH = 0xae78736Cd615f374D3085123A210448E74Fc6393

Proof of Concept

contract LybraWBETHVault is LybraPeUSDVaultBase {
    //WBETH = 0xae78736Cd615f374D3085123A210448E74Fc6393 @Audit this is the address for rETH = 0xae78736Cd615f374D3085123A210448E74Fc6393
    constructor(address _peusd, address _oracle, address _asset, address _config)
        LybraPeUSDVaultBase(_peusd, _oracle, _asset, _config) {}

Here is the proof: https://etherscan.io/token/0xae78736cd615f374d3085123a210448e74fc6393

Tools Used

https://etherscan.io/

Recommended Mitigation Steps

Use the correct address comment for WBETH.

Assessed type

Context
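
A mislabelled address comment of the kind reported above can be caught in CI by checking `SYMBOL = 0x…` annotations against a reference list. This is an added example, not part of the original report or the project's code; `KNOWN_TOKENS`, `find_mislabelled_addresses` and `SAMPLE` are hypothetical names, and the only registry entry is the rETH address quoted in the report.

```python
import re
import sys

# Reference registry keyed by lowercase address (assumption: a real project
# would maintain its own). The only entry is the rETH address from the report.
KNOWN_TOKENS = {
    "0xae78736cd615f374d3085123a210448e74fc6393": "rETH",
}

COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
# `SYMBOL = 0x<40 hex>` inside a comment, e.g. `//WBETH = 0xae78...`
ANNOTATION = re.compile(r"\b([A-Za-z][A-Za-z0-9]*)\s*=\s*(0x[0-9a-fA-F]{40})\b")


def find_mislabelled_addresses(source, registry=KNOWN_TOKENS):
    """Return (line, label, address, expected) for every comment annotation
    whose label disagrees with the registry's name for that address."""
    findings = []
    for comment in COMMENT.finditer(source):
        for m in ANNOTATION.finditer(comment.group()):
            label, address = m.group(1), m.group(2)
            expected = registry.get(address.lower())
            # Unknown addresses are skipped: the registry cannot judge them.
            if expected is not None and expected.lower() != label.lower():
                offset = comment.start() + m.start()
                line = source.count("\n", 0, offset) + 1
                findings.append((line, label, address, expected))
    return findings


# Constructed sample based on the snippet quoted in the report.
SAMPLE = """contract LybraWBETHVault is LybraPeUSDVaultBase {
    //WBETH = 0xae78736Cd615f374D3085123A210448E74Fc6393
    constructor(address _peusd, address _oracle, address _asset, address _config)
        LybraPeUSDVaultBase(_peusd, _oracle, _asset, _config) {}
}
"""

if __name__ == "__main__":
    results = find_mislabelled_addresses(SAMPLE)
    for line, label, address, expected in results:
        print(f"line {line}: comment labels {address} as {label}, registry says {expected}")
    sys.exit(1 if results else 0)
```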

code423n4 added the labels 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value) and bug (Something isn't working) Jun 24, 2023
code423n4 added a commit that referenced this issue Jun 24, 2023

JeffCX commented Jul 3, 2023

wrong comment is QA

c4-pre-sort added the primary issue (Highest quality submission among a set of duplicates) label Jul 3, 2023
@c4-pre-sort

JeffCX marked the issue as primary issue

@c4-pre-sort

JeffCX marked the issue as low quality report

c4-pre-sort added the low quality report (This report is of especially low quality) label Jul 11, 2023
c4-judge added the labels downgraded by judge (Judge downgraded the risk level of this issue) and QA (Quality Assurance) (Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax) and removed the 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value) label Jul 25, 2023
@c4-judge

0xean changed the severity to QA (Quality Assurance)

@c4-sponsor

LybraFinance marked the issue as sponsor confirmed

c4-sponsor added the sponsor confirmed (Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")) label Jul 29, 2023
C4-Staff closed this as completed Aug 2, 2023