Tags: Beginner Friendly, Foundry, DeFi, Oracle
Submission Details
Severity: high
Valid

[H-1] Decimal Mismatch Fee Calculation

Summary

Hardcoded Token Decimals May Cause Incorrect Fee Calculations

Vulnerability Details

In ThunderLoan.sol:73, the contract hardcodes s_feePrecision to 1e18, which implicitly assumes that every token the protocol supports uses 18 decimals. For tokens with a different number of decimals, this leads to significant discrepancies in the calculated fee.

function initialize(address tswapAddress) external initializer {
    // @audit-issue [H-3] Variable 'tswapAddress' is not declared anywhere
    __Ownable_init();
    __UUPSUpgradeable_init();
    __Oracle_init(tswapAddress); // tswapAddress = PoolFactory address
    // @audit-issue [H-1] Decimals should not be hardcoded since some tokens use a different number of decimals than the hardcoded 18
    s_feePrecision = 1e18;
    s_flashLoanFee = 3e15; // 0.3% ETH fee
}

Impact

  1. Loss of funds for the protocol

  2. Fees being overpaid or underpaid

Tools Used

  1. Manual Review

  2. VS Code

Recommendations

Update the fee calculation: refactor the getCalculatedFee function so that it normalises the borrowed amount using the token's decimals() method where available, or by storing and referencing the appropriate decimal value for each supported token.

Possible fix:

// Requires: import { IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
function getCalculatedFee(IERC20 token, uint256 amount) public view returns (uint256 fee) {
    // Get the price of the borrowed token in WETH.
    uint256 pricePerToken = getPriceInWeth(address(token));
    // Normalise the borrowed amount to 18 decimals. Plain IERC20 does not expose decimals(),
    // so the token is queried through the optional IERC20Metadata extension.
    uint256 adjustedAmount = adjustForTokenDecimals(amount, IERC20Metadata(address(token)).decimals());
    // Calculate the value of the borrowed amount in terms of WETH.
    uint256 valueOfBorrowedToken = (adjustedAmount * pricePerToken) / s_feePrecision;
    // Calculate the fee based on the value of the borrowed token.
    fee = (valueOfBorrowedToken * s_flashLoanFee) / s_feePrecision;
}

function adjustForTokenDecimals(uint256 amount, uint8 tokenDecimals) internal pure returns (uint256) {
    if (tokenDecimals == 18) {
        return amount; // No adjustment needed for 18-decimal tokens
    } else if (tokenDecimals < 18) {
        return amount * 10 ** (18 - tokenDecimals); // Scale up tokens with fewer decimals
    } else {
        return amount / 10 ** (tokenDecimals - 18); // Scale down tokens with more than 18 decimals
    }
}
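To make the discrepancy described in the Vulnerability Details and the effect of the recommended fix concrete, the following Python model reproduces the contract's integer fee arithmetic off-chain. It is an added example, not code from this report or from the ThunderLoan code base. It assumes (as the fix above does) that getPriceInWeth returns the WETH value, in wei, of one whole token expressed in 18-decimal units, and it uses a constructed price of 0.0005 WETH per token for a 1,000-token loan.

```python
# Off-chain model of ThunderLoan's fee math (added example, not project code).
# Integer division mirrors Solidity's truncating `/` on uint256.

FEE_PRECISION = 10**18          # s_feePrecision, hardcoded to 1e18 in initialize()
FLASH_LOAN_FEE = 3 * 10**15     # s_flashLoanFee: 0.3% of the borrowed value


def adjust_for_token_decimals(amount: int, token_decimals: int) -> int:
    """Normalise a raw token amount to 18 decimals (mirrors adjustForTokenDecimals)."""
    if token_decimals == 18:
        return amount
    if token_decimals < 18:
        return amount * 10 ** (18 - token_decimals)
    return amount // 10 ** (token_decimals - 18)


def fee_hardcoded(amount: int, price_per_token_in_weth: int) -> int:
    """Current getCalculatedFee: the raw amount is used as if it had 18 decimals."""
    value_of_borrowed_token = amount * price_per_token_in_weth // FEE_PRECISION
    return value_of_borrowed_token * FLASH_LOAN_FEE // FEE_PRECISION


def fee_decimal_aware(amount: int, token_decimals: int, price_per_token_in_weth: int) -> int:
    """Recommended getCalculatedFee: normalise the amount before pricing it."""
    adjusted = adjust_for_token_decimals(amount, token_decimals)
    value_of_borrowed_token = adjusted * price_per_token_in_weth // FEE_PRECISION
    return value_of_borrowed_token * FLASH_LOAN_FEE // FEE_PRECISION


def whole_tokens(count: int, token_decimals: int) -> int:
    """Raw on-chain amount for `count` whole tokens of a given decimal count."""
    return count * 10 ** token_decimals


def underpayment_factor(token_decimals: int, price_per_token_in_weth: int, count: int = 1000) -> int:
    """How many times smaller the hardcoded fee is than the decimal-aware fee
    for a loan of `count` whole tokens (1 means the two agree)."""
    amount = whole_tokens(count, token_decimals)
    correct = fee_decimal_aware(amount, token_decimals, price_per_token_in_weth)
    actual = fee_hardcoded(amount, price_per_token_in_weth)
    return correct // actual if actual else 0


if __name__ == "__main__":
    # Constructed price: one whole token is worth 0.0005 WETH (5e14 wei).
    PRICE = 5 * 10**14
    for decimals in (18, 6, 24):
        amount = whole_tokens(1000, decimals)
        print(
            f"{decimals:>2}-decimal token, 1000 borrowed: "
            f"hardcoded fee = {fee_hardcoded(amount, PRICE)} wei, "
            f"decimal-aware fee = {fee_decimal_aware(amount, decimals, PRICE)} wei"
        )
```

For the 18-decimal token both paths charge 0.0015 WETH (1.5e15 wei). For a 6-decimal token with the same price the hardcoded path charges 1,500 wei, a factor of 1e12 too little, while the normalised path recovers the 1.5e15 wei fee; a 24-decimal token would instead be overcharged by the same factor without the adjustment.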
Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

flashloan with differing fees/prices for different decimal tokens
