First Flight #3: Thunder Loan

First Flight #3

Beginner FriendlyFoundryDeFiOracle

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Incorrect Fee Calculation in Flash Loan Function

nisedo

Vulnerability Details

The vulnerability resides in the incorrect calculation of the flash loan fee within the ThunderLoan smart contract. Specifically, the fee is mistakenly being taken from the user's total balance rather than being calculated based on the flash loaned amount.

The relevant code snippet from the ThunderLoan contract is as follows:

File: ThunderLoan.sol

function flashloan(address receiverAddress, IERC20 token, uint256 amount, bytes calldata params) external {

// ... [omitted code]

uint256 fee = getCalculatedFee(token, amount);

// ... [omitted code]

emit FlashLoan(receiverAddress, token, amount, fee, params);

// ... [omitted code]

}

function getCalculatedFee(IERC20 token, uint256 amount) public view returns (uint256 fee) {

uint256 valueOfBorrowedToken = (amount * getPriceInWeth(address(token))) / s_feePrecision;

fee = (valueOfBorrowedToken * s_flashLoanFee) / s_feePrecision;

}

The fee calculation should use the amount that is being flash loaned (amount), but due to the design of the getCalculatedFee function, it ends up using the total token value in relation to ETH price, causing the fee to be disproportionately high and incorrect.

Impact

The impact of this vulnerability is two-fold:

User Impact: Users who take out flash loans are overcharged, leading to an unjustified depletion of their funds. This can result in significant financial losses for users and can deter them from using the platform.
Reputational Damage: The discovery of such a flaw can lead to a loss of trust in the ThunderLoan platform, affecting its reputation and potentially causing a decline in user base and volume.

Recommendations

The getCalculatedFee function should be modified to calculate the fee based on the flash loaned amount only.

Here is a proposed fix for the getCalculatedFee function:

function getCalculatedFee(IERC20 token, uint256 amount) public view returns (uint256 fee) {

// Ensure the fee is calculated based on the flash loaned amount

fee = (amount * s_flashLoanFee) / s_feePrecision;

}

This revised function ensures that the fee is calculated as a percentage of the actual amount being flash loaned, rather than the user's total balance or the token's value in ETH.

Updates

Lead Judging Commences

0xnevi Lead Judge

about 2 years ago

0xnevi Lead Judge about 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Rewards breakdown

nSLOC

387

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.