Submission Details
Severity: medium
Invalid

Add a post check to deposit, redeem, and flashloan to confirm that the value of one asset token share has not decreased as a result of the transaction

Summary

The value of a share in the vault (i.e., one asset token) should never decrease as the result of a deposit, redemption, or flash loan. (In the case of a flash loan, it should always increase.) The value of one asset token is equal to totalAssets (the total underlying tokens held in the AssetToken contract) divided by totalSupply (the number of outstanding asset tokens, or shares). The number of asset token shares and the number of underlying tokens in the vault can decrease or increase (depending on deposits, redemptions, and flash loans), but the value of each asset token share should not decrease.

To prevent any funny business, you can add post checks at the end of these functions that confirm the value of one asset token has not decreased (or, in the case of flashloan, that it has increased). This would prevent an attacker from, e.g., exploiting a reentrancy bug to drain all the underlying tokens.

Impact

Enforcing this invariant gives extra security in case you overlook a bug that could otherwise be exploited.

Tools Used

Manual review
Foundry

Recommendations

Add post checks to deposit, redeem, and flash loan. Make these changes:

Add a totalAssets function to AssetToken.sol:

    // Underlying tokens currently held by this AssetToken contract
    function totalAssets() public view returns (uint256) {
        return i_underlying.balanceOf(address(this));
    }

Then for deposit, redeem, and flash loan, add the following at the beginning of the function to get the initial value of an asset token before the transaction:

    // Value of one asset token share before the transaction, scaled by FEE_PRECISION
    uint256 initialAssetTokenValue = (assetToken.totalAssets() * FEE_PRECISION) / assetToken.totalSupply();

Then, at the end of the deposit and redeem functions, add:

    // Value of one asset token share after the transaction
    uint256 endingAssetTokenValue = (assetToken.totalAssets() * FEE_PRECISION) / assetToken.totalSupply();
    if (endingAssetTokenValue < initialAssetTokenValue) {
        revert ThunderLoan__AssetTokenValueCantDecrease();
    }

And, at the end of the flash loan function, add this to make sure the flash loan increases the value of each asset token share:

    // Value of one asset token share after the flash loan has been repaid
    uint256 endingAssetTokenValue = (assetToken.totalAssets() * FEE_PRECISION) / assetToken.totalSupply();
    if (endingAssetTokenValue <= initialAssetTokenValue) {
        revert ThunderLoan__AssetTokenValueMustIncrease();
    }

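One way to package these post checks as reusable modifiers, as an added example that is not part of the original submission or of the ThunderLoan code. It goes beyond the snippets above by comparing the two ratios through cross-multiplication instead of FEE_PRECISION-scaled division, and by skipping the comparison when no shares are outstanding; `IAssetTokenView`, `ShareValueGuard`, and the modifier and helper names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of the asset token; totalAssets() is the function the
// submission proposes adding to AssetToken.sol.
interface IAssetTokenView {
    function totalAssets() external view returns (uint256);
    function totalSupply() external view returns (uint256);
}

// Hypothetical mixin, not ThunderLoan code. Error names follow the submission.
abstract contract ShareValueGuard {
    error ThunderLoan__AssetTokenValueCantDecrease();
    error ThunderLoan__AssetTokenValueMustIncrease();

    // deposit / redeem: assets per share must not fall.
    modifier shareValueNotDecreased(IAssetTokenView assetToken) {
        (uint256 assetsBefore, uint256 supplyBefore) = _snapshot(assetToken);
        _;
        (uint256 assetsAfter, uint256 supplyAfter) = _snapshot(assetToken);
        // after/before ratio test, cross-multiplied so division loses nothing.
        // Checked arithmetic (0.8+) reverts on overflow, which fails closed.
        if (_comparable(supplyBefore, supplyAfter) && assetsAfter * supplyBefore < assetsBefore * supplyAfter) {
            revert ThunderLoan__AssetTokenValueCantDecrease();
        }
    }

    // flashloan: assets per share must strictly increase.
    modifier shareValueIncreased(IAssetTokenView assetToken) {
        (uint256 assetsBefore, uint256 supplyBefore) = _snapshot(assetToken);
        _;
        (uint256 assetsAfter, uint256 supplyAfter) = _snapshot(assetToken);
        if (_comparable(supplyBefore, supplyAfter) && assetsAfter * supplyBefore <= assetsBefore * supplyAfter) {
            revert ThunderLoan__AssetTokenValueMustIncrease();
        }
    }

    function _snapshot(IAssetTokenView t) private view returns (uint256 assets, uint256 supply) {
        assets = t.totalAssets();
        supply = t.totalSupply();
    }

    // No shares outstanding before or after (first deposit, full redemption)
    // means there is no per-share value to compare, so the check is skipped.
    function _comparable(uint256 s0, uint256 s1) private pure returns (bool) {
        return s0 != 0 && s1 != 0;
    }
}
```
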
Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
