Extraneous Code in Deposit Function Impacts Exchange Rate
Summary
Adding exchange rate update lines to the deposit function is atypical in ThunderLoan::depost, potentially introducing complexities and affecting exchange rate stability, which differs from standard protocols and may lead to unexpected issues.
Vulnerability Details
The unconventional inclusion of exchange rate update lines within the deposit function introduces a vulnerability that may complicate the process and disrupt exchange rate stability. This departure from standard practices in lending and borrowing protocols poses potential risks and impacts the predictability of the exchange rate, creating an area of concern.
Impact
The unconventional exchange rate update in the deposit function introduces complexity, jeopardizes exchange rate stability, and departs from standard practices, potentially causing user confusion, trust issues, and unforeseen operational problems.
POC
If the exchange rate is altered with every deposit, it will lead to an increment in the token price for new depositors. This means that users depositing funds into the system will receive fewer tokens for their assets, affecting the cost-effectiveness and attractiveness of the deposit process for new participants.
Tools Used
Manual review and Foundry
Recommendations
Remove the exchange rate update from the deposit function to align it with standard practices. The deposit function should focus on the core deposit operation without altering exchange rates.
In the upgrade these lines are already removed. So that will do.
Lead Judging Commences
can't redeem because of the update exchange rate
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.