First Flight #3: Thunder Loan
First Flight #3
Beginner FriendlyFoundryDeFiOracle
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect calculation of ```valueOfBorrowedToken``` inside ThunderLoan::getCalculatedFee() function due to wrong precision used.

shikhar229169

Summary

Incorrect calculation of valueOfBorrowedToken inside the ThunderLoan::getCalculatedFee() function will lead to calculation of incorrect value for fees. The precision used is fixed but as there will be various tokens in the protocol with different decimals then it will lead to wrong calculations.

Vulnerability Details

The calculation of valueOfBorrowedToken on the basis of a fixed precision will lead to wrong calculations as the tokens in the protocol will have different precisions, so having a fixed precision will lead to wrong calculation of fees and the exchange rate updations.

uint256 valueOfBorrowedToken = (amount * getPriceInWeth(address(token))) / s_feePrecision;

here s_feePrecision have a fixed value, but as different tokens can have different precisions, thus will lead to incorrect calculations for different tokens.

Impact

Incorrect calculations of fees and exchange rates, leading to less interest rates and less fees imposed on flash loan borrower.

Tools Used

Manual Review

Recommendations

To calculate the precision on the basis of the respective tokens.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

weak oracle

shikhar229169 Submitter
over 1 year ago
0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

flashloan with differing fees/prices for different decimal tokens

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.