Beginner Friendly · Foundry · DeFi · Oracle
Submission Details
Severity: low
Invalid

There should be a check in the redeem function that the caller isn't trying to redeem more assetTokens than they hold

Summary

The redeem function accepts any value that fits in a uint256 as the amount of assetTokens to redeem. The only special case is type(uint256).max, which is replaced by the caller's assetToken balance. There is no legitimate reason for a caller to redeem more than they hold, and accepting a huge value (below type(uint256).max yet large enough to overflow once the exchange rate is applied) could create problems.

Vulnerability Details

```solidity
function redeem(
    IERC20 token,
    uint256 amountOfAssetToken
) external revertIfZero(amountOfAssetToken) revertIfNotAllowedToken(token) {
    AssetToken assetToken = s_tokenToAssetToken[token];
    uint256 exchangeRate = assetToken.getExchangeRate();
    if (amountOfAssetToken == type(uint256).max) {
        amountOfAssetToken = assetToken.balanceOf(msg.sender);
    }
    uint256 amountUnderlying = (amountOfAssetToken * exchangeRate) /
        assetToken.EXCHANGE_RATE_PRECISION(); // WRONG CALCULATION
    emit Redeemed(msg.sender, token, amountOfAssetToken, amountUnderlying);
    assetToken.burn(msg.sender, amountOfAssetToken);
    assetToken.transferUnderlyingTo(msg.sender, amountUnderlying);
}
```

Impact

Generally it is better to reject unexpected inputs at the function boundary than to let them propagate into the calculation.

Tools Used

Manual review

Recommendations

Add the following check as the second line of the redeem function (after `assetToken` has been looked up):

```solidity
if (amountOfAssetToken > assetToken.balanceOf(msg.sender)) {
    revert ThunderLoan__InsufficientAssetTokens();
}
```

Also declare the custom error:

```solidity
error ThunderLoan__InsufficientAssetTokens();
```
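As an added illustration, not code from this submission or from the Thunder Loan project, the recommended check exercised in a minimal, self-contained Foundry test. `MockAssetToken` is a constructed stand-in for the protocol's AssetToken with just enough state to run `redeem`, `RedeemWithCheck` is a hypothetical cut-down pool, and `ThunderLoan__ZeroAmount` is an assumed replacement for the `revertIfZero` modifier. The check is placed after the `type(uint256).max` branch so that the sentinel still redeems the full balance; placed before that branch, the sentinel value itself would trip the check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the protocol's AssetToken (not the project's code):
// a balance map, a fixed 1:1 exchange rate, and a burn that enforces the
// usual ERC20 invariant that you cannot burn more than you hold.
contract MockAssetToken {
    uint256 public constant EXCHANGE_RATE_PRECISION = 1e18;
    uint256 private s_exchangeRate = 1e18; // 1:1 for the demonstration
    mapping(address => uint256) private s_balances;

    function mint(address to, uint256 amount) external { s_balances[to] += amount; }
    function balanceOf(address who) external view returns (uint256) { return s_balances[who]; }
    function getExchangeRate() external view returns (uint256) { return s_exchangeRate; }

    function burn(address from, uint256 amount) external {
        require(s_balances[from] >= amount, "burn exceeds balance");
        s_balances[from] -= amount;
    }
}

// Hypothetical minimal pool carrying the recommended early balance check.
contract RedeemWithCheck {
    error ThunderLoan__InsufficientAssetTokens();
    error ThunderLoan__ZeroAmount(); // assumed stand-in for revertIfZero

    MockAssetToken public immutable assetToken;
    mapping(address => uint256) public underlyingPaid; // stands in for transferUnderlyingTo

    constructor(MockAssetToken _assetToken) { assetToken = _assetToken; }

    function redeem(uint256 amountOfAssetToken) external {
        if (amountOfAssetToken == 0) revert ThunderLoan__ZeroAmount();
        if (amountOfAssetToken == type(uint256).max) {
            amountOfAssetToken = assetToken.balanceOf(msg.sender);
        }
        // The recommended check: fail fast with a descriptive custom error
        // instead of leaving it to burn() to reject the oversized amount later.
        if (amountOfAssetToken > assetToken.balanceOf(msg.sender)) {
            revert ThunderLoan__InsufficientAssetTokens();
        }
        uint256 amountUnderlying =
            (amountOfAssetToken * assetToken.getExchangeRate()) / assetToken.EXCHANGE_RATE_PRECISION();
        assetToken.burn(msg.sender, amountOfAssetToken);
        underlyingPaid[msg.sender] += amountUnderlying;
    }
}

contract RedeemCheckTest is Test {
    MockAssetToken token;
    RedeemWithCheck pool;
    address user = makeAddr("user");

    function setUp() public {
        token = new MockAssetToken();
        pool = new RedeemWithCheck(token);
        token.mint(user, 100e18); // constructed balance for the test
    }

    // Redeeming more than the balance must revert with the new custom error.
    function test_RedeemMoreThanBalanceRevertsWithCustomError() public {
        vm.prank(user);
        vm.expectRevert(RedeemWithCheck.ThunderLoan__InsufficientAssetTokens.selector);
        pool.redeem(101e18);
    }

    // The type(uint256).max sentinel must still redeem the whole balance.
    function test_MaxSentinelRedeemsFullBalance() public {
        vm.prank(user);
        pool.redeem(type(uint256).max);
        assertEq(token.balanceOf(user), 0);
        assertEq(pool.underlyingPaid(user), 100e18);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the two tests document both the rejection path and the preserved sentinel path, which is the regression a reviewer would want before accepting the change.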

Updates

Lead Judging Commences

0xnevi Lead Judge, over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
