fix: add docs about possible donation attacks + directly calling the …

…ezETH contract
bgd-labs · Oct 4, 2024 · 181176d · 181176d
1 parent 91320dc
commit 181176d
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/src/contracts/lst-adapters/EzETHPriceCapAdapter.sol b/src/contracts/lst-adapters/EzETHPriceCapAdapter.sol
@@ -1,19 +1,27 @@
 // SPDX-License-Identifier: BUSL-1.1
 pragma solidity ^0.8.19;
 
+import {IERC20} from 'forge-std/interfaces/IERC20.sol';
 import {IACLManager} from 'aave-address-book/AaveV3.sol';
 
 import {PriceCapAdapterBase, IPriceCapAdapter} from '../PriceCapAdapterBase.sol';
 
-import {IEzETHRestakeManager, IEzEthToken} from '../../interfaces/IEzETH.sol';
+import {IEzETHRestakeManager} from '../../interfaces/IEzETH.sol';
 
 /**
  * @title EzETHPriceCapAdapter
  * @author BGD Labs
  * @notice Price capped adapter to calculate price of (ezETH / USD) pair by using
  * @notice Chainlink data feed for (ETH / USD) and (ezETH / ETH) ratio.
+ * @dev IMPORTANT: The `calculateTVLs` function called in the `RATIO_PROVIDER` is used to calculate the total assets deposited within the system
+ * (operators and withdraw contract), and those type of calculations needs to use some type of virtual accounting to avoid the well-known 'donation attacks.' 
+ * In one of the calls inside the `calculateTVLs`, there is a usage of `balanceOf`(specifically in the calculation of LSTs in the Withdraw contract)
+ * being subject to a donation attack. But it's understood that, exclusively in this case, the donations cannot cause a 'completed' manipulation because
+ * the token donated cannot be rescued after the donation and can be considered as an 'injection of rewards', which would benefit all ezETH shareholders.
+ * More information can be found in the ezETH discussion in the forum: https://governance.aave.com/t/arfc-onboard-ezeth-to-aave-v3-lido-instance/18504/9#p-48707-asset-pricing-13
  */
 contract EzETHPriceCapAdapter is PriceCapAdapterBase {
+  IERC20 internal constant ezETH = IERC20(0xbf5495Efe5DB9ce00f80364C8B423567e58d2110);
   /**
    * @param capAdapterParams parameters to create cap adapter
    */
@@ -35,7 +43,6 @@ contract EzETHPriceCapAdapter is PriceCapAdapterBase {
 
   function getRatio() public view override returns (int256) {
     (, , uint256 totalTVL) = IEzETHRestakeManager(RATIO_PROVIDER).calculateTVLs();
-    uint256 totalSupply = IEzETHRestakeManager(RATIO_PROVIDER).ezETH().totalSupply();
     /**  
      * @dev Below, we are doing exactly what the 
       `function calculateRedeemAmount(
@@ -45,6 +52,6 @@ contract EzETHPriceCapAdapter is PriceCapAdapterBase {
         ) external pure returns (uint256)` does in the Renzo Oracle contract, 
      * so we are avoiding an unnecessary extra external call.
      */
-    return int256(((totalTVL * 1 ether) / totalSupply));
+    return int256(((totalTVL * 1 ether) / ezETH.totalSupply()));
   }
 }