First Flight #3: Thunder Loan

First Flight #3

Beginner FriendlyFoundryDeFiOracle

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

There should be check on the redeem function that the caller isn't trying to redeem more than the assetTokens they have

happyformerlawyer

Summary

The redeem function allows you to put any amount that can be held in a uint256 in as the amount of assetTokens you want to redeem. The only restriction is that if you put type(uint256).max, it is reset to your balance of assetTokens. But there is no reason for people to try to withdraw more than what they have and allowing them to put in a huge number (possibly less than the max of uint256 but still enough to overflow when the exchange rate is applied) could create problems.

Vulnerability Details

function redeem(

IERC20 token,

uint256 amountOfAssetToken

) external revertIfZero(amountOfAssetToken) revertIfNotAllowedToken(token) {

AssetToken assetToken = s_tokenToAssetToken[token];

uint256 exchangeRate = assetToken.getExchangeRate();

if (amountOfAssetToken == type(uint256).max) {

amountOfAssetToken = assetToken.balanceOf(msg.sender);

}

uint256 amountUnderlying = (amountOfAssetToken * exchangeRate) /

assetToken.EXCHANGE_RATE_PRECISION(); //WRONG CALCULATION

emit Redeemed(msg.sender, token, amountOfAssetToken, amountUnderlying);

assetToken.burn(msg.sender, amountOfAssetToken);

assetToken.transferUnderlyingTo(msg.sender, amountUnderlying);

}

Impact

Generally it is better to prevent people from being able to use unexpected inputs in your functions.

Tools Used

Manual review

Recommendations

Add the following check as the second line of the redeem function:

if(amountofAssetToken > assetToken.balanceOf(msg.sender) {

revert ThunderLoan__InsufficientAssetTokens()};

Also add an error ThunderLoan__InsufficientAssetTokens();

Updates

Lead Judging Commences

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Rewards breakdown

nSLOC

387

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.