wrong address used in the comment #18
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-c
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/dc901a3560b71ed2376feb6418b3d81e3d067fb9/contracts/lybra/pools/LybraWbETHVault.sol#L15-L18
Vulnerability details
Impact
wrong address comment used
WBETH token address in the comment is assigned to this address 0xae78736Cd615f374D3085123A210448E74Fc6393
while searching for the address on the blockchain the address is assigned to rETH =
0xae78736Cd615f374D3085123A210448E74Fc6393
Proof of Concept
contract LybraWBETHVault is LybraPeUSDVaultBase {
//WBETH = 0xae78736Cd615f374D3085123A210448E74Fc6393 @Audit this is the address for rETH =
0xae78736Cd615f374D3085123A210448E74Fc6393
constructor(address _peusd, address _oracle, address _asset, address _config)
LybraPeUSDVaultBase(_peusd, _oracle, _asset, _config) {}
here is the proof https://etherscan.io/token/0xae78736cd615f374d3085123a210448e74fc6393
Tools Used
https://etherscan.io/
Recommended Mitigation Steps
use the correct address comment of WBETH
Assessed type
Context
The text was updated successfully, but these errors were encountered: