Beginner Friendly, Foundry, DeFi, Oracle
Submission Details
Severity: medium
Valid

updateExchangeRate function can be exploited/manipulated by attackers

Summary

The use of the local functions ThunderLoan::deposit->updateExchangeRate and ThunderLoan::flashloan->updateExchangeRate may allow attackers to manipulate exchange rates. Relying on decentralized price feeds, such as Chainlink, is recommended for enhanced security.

Vulnerability Details

The ThunderLoan::deposit->updateExchangeRate and ThunderLoan::flashloan->updateExchangeRate call paths calculate the exchange rate using local or internal functions, which could potentially be manipulated or exploited by attackers. It is recommended to use decentralized price feeds, such as Chainlink, for more reliable and secure price information.

Impact

The vulnerability could allow attackers to manipulate or exploit exchange rate calculations.

Tools Used

  • Foundry

  • Manual review

Recommendations

Utilize Decentralized Price Feeds: To mitigate potential vulnerabilities in the exchange rate calculation, consider utilizing decentralized price feeds from reliable sources such as Chainlink. This will provide more trustworthy and secure pricing information.

Ref: https://docs.chain.link/data-feeds/price-feeds
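A sketch of what reading a Chainlink data feed defensively can look like, added here as an example; it is not code from the submission or from ThunderLoan. The interface follows Chainlink's published `AggregatorV3Interface`; the contract name `FeedPriceReader`, the `maxAge` parameter and the `priceWad` function are hypothetical, and the feed address and staleness window are assumed to be chosen by the deployer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface used by this example.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical helper (not part of ThunderLoan): reads one feed and rejects
/// answers that are non-positive, incomplete, or older than `maxAge`.
contract FeedPriceReader {
    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt);

    AggregatorV3Interface public immutable feed;
    // Assumption: set by the deployer to match the heartbeat of the chosen feed.
    uint256 public immutable maxAge;

    constructor(AggregatorV3Interface feed_, uint256 maxAge_) {
        feed = feed_;
        maxAge = maxAge_;
    }

    /// Returns the latest price scaled to 18 decimals, or reverts.
    function priceWad() external view returns (uint256) {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();

        // A zero or negative answer must never reach an exchange-rate calculation.
        if (answer <= 0) revert InvalidPrice(answer);

        // updatedAt == 0 means the round is incomplete; a future timestamp is
        // treated as invalid rather than letting the subtraction underflow.
        if (updatedAt == 0 || updatedAt > block.timestamp) revert StalePrice(updatedAt);
        if (block.timestamp - updatedAt > maxAge) revert StalePrice(updatedAt);

        // Feeds report different decimals; normalise to 18.
        uint8 d = feed.decimals();
        if (d > 18) return uint256(answer) / (uint256(10) ** (d - 18));
        return uint256(answer) * (uint256(10) ** (18 - d));
    }
}
```

Reverting on a stale or invalid answer makes the dependent operation fail closed instead of pricing against bad data.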

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

weak oracle
