The ThunderLoan protocol interacts with external contracts TSwapPool.sol, PoolFactory.sol, and ITSwapPool.sol, which were not included in the audit scope provided by the client. Without an audit of these contracts, it is impossible to assess the safety of these interactions or the integrity of the data being used by the ThunderLoan protocol. Moreover, the OracleUpgradeable.sol contract raises concerns as it does not fulfill the typical functionalities of an oracle, but rather calls unaudited swap pool interfaces to fetch price data.
The getPriceInWeth function within OracleUpgradeable.sol relies on the getPool function of the IPoolFactory interface and the getPriceOfOnePoolTokenInWeth function of the ITSwapPool interface, both of which are external dependencies that are unaudited and could potentially be unreliable or manipulated.
Reliance on external, unaudited contracts exposes ThunderLoan to numerous potential risks, including but not limited to:
Manipulation of Return Values: If the swap pool contracts have vulnerabilities or malicious code, they could provide incorrect price data, leading to exploitation opportunities against ThunderLoan.
Reliance on Unverified Logic: Since the audit does not cover these contracts, any logic within them that is critical to ThunderLoan's operations cannot be verified for security or correctness.
Oracle Misrepresentation: The OracleUpgradeable.sol contract is named as an oracle, yet it directly fetches prices from swap pools without any of the verification or aggregation commonly found in true oracle implementations. This misrepresentation could lead to a false sense of security.
Extend Audit Scope: The client should be advised to include all external contracts that interact with ThunderLoan within the audit scope. An audit of TSwapPool.sol, PoolFactory.sol, and ITSwapPool.sol should be conducted to ensure their reliability and security.
Implement Proper Oracles: Replace the current price-fetching mechanism with a trusted and well-established oracle solution that provides price feeds through an aggregation of multiple data sources, reducing the risk of price manipulation.
Code Clarification: The OracleUpgradeable.sol contract should be renamed or refactored to reflect its actual functionality and avoid misleading stakeholders about the nature of its operations.
Validation Checks: Implement additional checks and validation within ThunderLoan to detect anomalies in the price data received from the swap pools, potentially using historical data or comparisons with other price feeds as a reference.
Risk Disclosure: Communicate clearly to users about the source of the price data and the associated risks, until a more robust oracle solution is in place.
By addressing these recommendations, ThunderLoan can significantly reduce its exposure to risks stemming from interactions with external, unaudited contracts and improve the accuracy and trustworthiness of its price data.
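One way to implement the Validation Checks recommendation, as an added example that is not ThunderLoan's own code: a price reader that rejects the swap pool's quote when it strays too far from an independent reference. The `IPoolFactory` and `ITSwapPool` signatures are assumed from the function names cited in the finding, and `IReferenceFeed`, `GuardedPoolPrice` and the deviation bound are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Signatures assumed from the function names cited in the finding.
interface IPoolFactory {
    function getPool(address token) external view returns (address);
}
interface ITSwapPool {
    function getPriceOfOnePoolTokenInWeth() external view returns (uint256);
}
// Hypothetical independent source; assumed to use the same WETH scale as the pool.
interface IReferenceFeed {
    function priceInWeth(address token) external view returns (uint256);
}

contract GuardedPoolPrice {
    uint256 private constant BPS = 10_000;
    IPoolFactory public immutable factory;
    IReferenceFeed public immutable referenceFeed;
    uint256 public immutable maxDeviationBps; // e.g. 200 = 2%

    error PoolNotFound(address token);
    error ZeroPrice(address token);
    error PriceDeviation(uint256 poolPrice, uint256 referencePrice);

    constructor(address factory_, address referenceFeed_, uint256 maxDeviationBps_) {
        require(factory_ != address(0) && referenceFeed_ != address(0), "zero address");
        require(maxDeviationBps_ < BPS, "bound must be below 100%");
        factory = IPoolFactory(factory_);
        referenceFeed = IReferenceFeed(referenceFeed_);
        maxDeviationBps = maxDeviationBps_;
    }

    // Returns the pool price only if it agrees with the reference within the bound.
    function getPriceInWeth(address token) external view returns (uint256 poolPrice) {
        address pool = factory.getPool(token);
        if (pool == address(0)) revert PoolNotFound(token);

        poolPrice = ITSwapPool(pool).getPriceOfOnePoolTokenInWeth();
        uint256 refPrice = referenceFeed.priceInWeth(token);
        if (poolPrice == 0 || refPrice == 0) revert ZeroPrice(token);

        uint256 diff = poolPrice > refPrice ? poolPrice - refPrice : refPrice - poolPrice;
        // Reject when |pool - reference| / reference exceeds maxDeviationBps.
        if (diff * BPS > refPrice * maxDeviationBps) revert PriceDeviation(poolPrice, refPrice);
    }
}
```

The check only adds assurance if the reference is derived independently of the swap pool being queried; a reference computed from the same pool would move with it.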