Summary

Attacker can steal funds by taking a flash loan.

Vulnerability Details

Let's describe the vulnerability in the following scenario (note: Attacker = A malicious contract deployed by the attacker):

• Alice calls deposit and wants to deposit x amount of token A.

• Attacker is tracing the mempool and see the Alice transaction.

• Attacker calls flashloan with higher gas price (front-running the alice transaction) and borrows y amount of token A (y is less than x, for example if alice is depositing 1000 number of token A, attacker borrows 900)

• The attacker transaction will be executed first (due to higher gas price)

• flashloan function transfers the tokens to attacker contract and triggers the function executeOperation in attacker contract:

• Inside the executeOperation attacker has implmented a code that just keeps the transaction suspended for 1 minute (or more if needed) to make sure the alice transaction (deposit transaction) is executed (for example, a loop which checks 1 minute is passed)

• After 1 minute, executeOperation is finish and the attacker transaction will go back to flashloan at this line:

• According to that the alice transaction is executed during this 1 minute, so the balance of contract is increased by alice deposits, so the transaction of attacker will be successfully finished without the need for attacker to pays-back.

Impact

Loss of funds.

Tools Used

Manual Review

Recommendations

Add this line to deposit function:

The above line means: No one should be able to deposit token A, while token A is borrowed by a flashloan borrower.