Beginner Friendly, Foundry, DeFi, Oracle
Submission Details
Severity: medium
Invalid

flashloan() cannot be repaid by redeeming assetToken

Summary

The flashloan() logic is incorrect for receiver contracts that repay the loan's fee by redeeming assetTokens.

Vulnerability Details

flashloan() makes a callback to receiverAddress by calling executeOperation(), and it assumes receiverAddress is a contract, since a receiver may implement its own strategy for repaying the loan and its fee. But if the receiver redeems its assetToken for underlying tokens in order to cover the fee, the following check produces the wrong result:

// balance of the underlying token held by the assetToken contract after the callback
uint256 endingBalance = token.balanceOf(address(assetToken));
if (endingBalance < startingBalance + fee) {
    revert ThunderLoan__NotPaidBack(startingBalance + fee, endingBalance);
}

The check fails because the receiver contract, which is also a lender, has withdrawn some of the underlying tokens from assetToken to cover the loan's fee, so endingBalance comes up short of startingBalance + fee.
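The accounting described above, as an added model that is not part of this submission or ThunderLoan's code: a pool whose share balance is sampled before the loan leaves and after the callback, one receiver that pays the fee from its own wallet, and one that burns shares it holds to raise the fee. Names (Pool, repay, NotPaidBack) and the 1:1 share-to-underlying ratio are assumptions made to keep the arithmetic plain.

```python
# Constructed model of the flashloan balance check; not ThunderLoan's code.
class NotPaidBack(Exception): pass   # stands in for ThunderLoan__NotPaidBack

class Pool:
    def __init__(self, underlying: int) -> None:
        self.underlying = underlying   # token.balanceOf(address(assetToken))
        self.shares: dict[str, int] = {}

    def deposit(self, who: str, amount: int) -> None:
        self.underlying += amount
        self.shares[who] = self.shares.get(who, 0) + amount

    def redeem(self, who: str, amount: int) -> int:
        # Burning shares pays the holder out of the same balance the loan check samples.
        if self.shares.get(who, 0) < amount:
            raise ValueError("insufficient shares")
        self.shares[who] -= amount
        self.underlying -= amount
        return amount

    def repay(self, amount: int) -> None:
        self.underlying += amount

    def flashloan(self, receiver, amount: int, fee: int) -> int:
        starting = self.underlying                 # sampled before the loan leaves
        self.underlying -= amount                  # transferUnderlyingTo(receiver, amount)
        receiver(self, amount, fee)                # executeOperation callback
        ending = self.underlying
        if ending < starting + fee:                # the check quoted in the finding
            raise NotPaidBack(starting + fee, ending)
        return ending

def pays_fee_from_wallet(pool: Pool, amount: int, fee: int) -> None:
    pool.repay(amount + fee)                       # fee comes from the receiver's own funds

def pays_fee_by_redeeming(pool: Pool, amount: int, fee: int) -> None:
    # A receiver that is also a lender burns shares to raise the fee.
    pool.repay(amount + pool.redeem("receiver", fee))

def run(receiver, amount: int = 500, fee: int = 5) -> tuple[str, int]:
    pool = Pool(1000)
    pool.deposit("receiver", 100)                  # the receiver is a lender too
    try:
        return ("ok", pool.flashloan(receiver, amount, fee))
    except NotPaidBack as e:
        return ("reverted", e.args[1])             # ending balance at the revert
```

With a 500 loan and a fee of 5, the wallet payer ends at 1105 and passes, while the redeeming receiver ends at 1100 (starting + fee - redeemed) and reverts, which is why any redemption during the callback trips the check regardless of what is repaid.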

Impact

Receiver contracts that redeem some assetToken to repay the loan's fee won't work with flashloan().

Tools Used

Manual Review.

Recommendations

Include logic for cases where assetTokens were burned to pay for the fee.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Vague generalities
