Summary
When someone deposits tokens into the protocol via `ThunderLoan::deposit`, the `AssetToken::updateExchangeRate` function is called with the calculated fee and the exchange rate is raised to a new value. As per the documentation, the exchange (interest) rate should only be updated depending on how often people take out flash loans.
Vulnerability Details
Because the exchange rate is updated every time someone deposits tokens, the rate (and with it the interest owed to liquidity providers) increases without anyone taking out a flash loan. The two highlighted lines below are the cause:
```solidity
function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) {
    AssetToken assetToken = s_tokenToAssetToken[token];
    uint256 exchangeRate = assetToken.getExchangeRate();
    uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate;
    emit Deposit(msg.sender, token, amount);
    assetToken.mint(msg.sender, mintAmount);
@>  uint256 calculatedFee = getCalculatedFee(token, amount);
@>  assetToken.updateExchangeRate(calculatedFee);
    token.safeTransferFrom(msg.sender, address(assetToken), amount);
}
```
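The following Foundry test, added here as an illustration and not part of the original finding or the ThunderLoan repository, shows the behaviour as a regression check: it deposits once, takes no flash loan, and asserts that the exchange rate did not move. It fails against the `deposit` shown above and passes once the two lines are removed. The deployment steps in `setUp` (`initialize`, `setAllowedToken`, the import paths and the placeholder pool-factory address) are assumptions about the project layout and should be replaced by the project's own test base.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ERC20Mock} from "@openzeppelin/contracts/mocks/token/ERC20Mock.sol";
import {ThunderLoan} from "../src/protocol/ThunderLoan.sol"; // assumed path
import {AssetToken} from "../src/protocol/AssetToken.sol";   // assumed path

contract DepositMovesExchangeRateTest is Test {
    ThunderLoan thunderLoan;
    ERC20Mock token;
    AssetToken assetToken;
    address liquidityProvider = makeAddr("liquidityProvider");
    uint256 constant DEPOSIT_AMOUNT = 1000e18; // constructed sample amount

    function setUp() public {
        // Assumed wiring: the real project deploys behind a proxy and initialises
        // with a pool-factory address; 0xdead is only a placeholder here.
        thunderLoan = new ThunderLoan();
        thunderLoan.initialize(address(0xdead));
        token = new ERC20Mock();
        // Assumed: setAllowedToken deploys and returns the AssetToken for `token`.
        assetToken = thunderLoan.setAllowedToken(IERC20(address(token)), true);
        token.mint(liquidityProvider, DEPOSIT_AMOUNT);
    }

    function testExchangeRateUnchangedByDepositAlone() public {
        uint256 rateBefore = assetToken.getExchangeRate();

        // A plain deposit: no flash loan is taken anywhere in this test.
        vm.startPrank(liquidityProvider);
        token.approve(address(thunderLoan), DEPOSIT_AMOUNT);
        thunderLoan.deposit(IERC20(address(token)), DEPOSIT_AMOUNT);
        vm.stopPrank();

        uint256 rateAfter = assetToken.getExchangeRate();

        // Per the documentation the rate may only rise as flash loans are taken,
        // so a deposit by itself must leave it unchanged. With the current
        // deposit() this fails (updateExchangeRate was called with the fee);
        // after removing those two lines it passes.
        assertEq(rateAfter, rateBefore, "exchange rate moved on deposit without a flash loan");
    }
}
```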
Impact
The exchange rate, and so the interest owed to liquidity providers, rises on every deposit even though no flash loan has been taken out. As per the documentation, interest rates should only increase as flash loans are taken out.
Tools Used
- Foundry
Recommendations
Remove the fee calculation and the `updateExchangeRate` call from the deposit function, so that the exchange rate changes only when a flash loan is taken:
```diff
function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) {
    AssetToken assetToken = s_tokenToAssetToken[token];
    uint256 exchangeRate = assetToken.getExchangeRate();
    uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate;
    emit Deposit(msg.sender, token, amount);
    assetToken.mint(msg.sender, mintAmount);
-   uint256 calculatedFee = getCalculatedFee(token, amount);
-   assetToken.updateExchangeRate(calculatedFee);
    token.safeTransferFrom(msg.sender, address(assetToken), amount);
}
```