zzykxx - depositSteth() and depositeEth() will revert

[sherlock-admin4]

zzykxx

medium

depositSteth() and depositeEth() will revert

Summary

Vulnerability Detail

The protocol always assumes that the amount of tokens received is equal to the amount of tokens transferred.
This is not the case for rebasing tokens, such as stETH and eETH, because internally they transfer shares which generally results in the received amount of tokens being lower than the requested one by a couple of wei because of roundings: transferring 1e18 eETH tokens from A to B, will result in B receiving 0.99e18 eETH tokens.

Sophon deals with rebasing token transfers in 3 functions:

• depositSteth()
• depositeEth()
• deposit()

As an example the depositeEth() takes as input an amount of eETH to deposit, then:

1. Transfers amount of eETH from the caller to the contract itself
2. Wraps amount of eETH to weETH, which will attempt to transfer amount from the contract to the Etherfi protocol.

Step 2 will fail, because the contract doesn't have enough eETH. The issue lies in attempting to wrap amount of eETH in step 2 instead of wrapping the actual amount of tokens received.

This also applies to the other two functions listed above, depositSteth() and deposit() (if a stETH and/or eETH pool exists).

Impact

The functions depositSteth() and depositeEth() will revert.

Code Snippet

Tool used

Manual Review

Recommendation

In depositSteth(), depositeEth() and deposit() deposit the actual amount of tokens received instead of the amount specified as input.

Duplicate of #63

[sherlock-admin3]

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

valid because this parallels FOT as documented by Lido, just not sure if this would apply to eETH too.

[sherlock-admin2]

The protocol team fixed this issue in the following PRs/commits:
sophon-org/farming-contracts@73adb67