Submission Details
Severity: high
Valid

Fee is not calculated correctly

Summary

The fee is calculated on the WETH value of the borrowed amount, but the flashloan expects it to be paid in the borrowed token.

Vulnerability Details

    function getCalculatedFee(IERC20 token, uint256 amount) public view returns (uint256 fee) {
        // converts the value of the tokens in WETH
        uint256 valueOfBorrowedToken = (amount * getPriceInWeth(address(token))) / s_feePrecision;
        // calculate the fee percentage from the value in WETH
        fee = (valueOfBorrowedToken * s_flashLoanFee) / s_feePrecision;
    }

The above behaviour has 2 implications:

  • a flashloan of a token with a very small value relative to WETH will have an insignificant fee, which will not be 3% (the initial state of the contract) of the borrowed amount

  • a flashloan of a token with a high value relative to WETH (let's assume 1 token = 100 WETH) will require an extremely high fee. In this case, if we borrow 1 token, the returned fee is 3: valueOfBorrow = (1 * 100) / 1; fee = (100 * 3) / 100 = 3. So, after flashloaning 1 token, the user will have to return 4 tokens (1 amount + 3 fee)

Impact

Low

Tools Used

Manual

Recommendations

Drop the conversion to WETH, and use the following implementation:

    function getCalculatedFee(uint256 amount) public view returns (uint256 fee) {
        fee = (amount * s_flashLoanFee) / s_feePrecision;
    }
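
An integer model of the two formulas above, added here as an illustration (it is not the contract's or the submitter's code), showing how the effective fee charged in the borrowed token scales with the token's WETH price. It assumes 18-decimal fixed point and 3e16 as the representation of the 3% fee; the prices are constructed sample values.

```python
# Integer model of both fee formulas (Solidity-style truncating division).
# Assumptions: 18-decimal fixed point; 3e16 stands for the 3% fee in the finding.
FEE_PRECISION = 10**18
FLASH_LOAN_FEE = 3 * 10**16


def fee_weth_based(amount: int, price_in_weth: int) -> int:
    """Formula from the finding: fee derived from the WETH value of the loan."""
    value_of_borrowed_token = (amount * price_in_weth) // FEE_PRECISION
    return (value_of_borrowed_token * FLASH_LOAN_FEE) // FEE_PRECISION


def fee_token_based(amount: int) -> int:
    """Recommended formula: fee is a fixed fraction of the borrowed amount."""
    return (amount * FLASH_LOAN_FEE) // FEE_PRECISION


def effective_rate_ppm(fee: int, amount: int) -> int:
    """Fee in parts per million of the amount, when paid in the borrowed token."""
    return fee * 1_000_000 // amount


def compare(amount: int, prices: dict[str, int]) -> list[tuple[str, int, int]]:
    """Return (label, ppm with WETH-based formula, ppm with token-based formula)."""
    rows = []
    for label, price in prices.items():
        weth_ppm = effective_rate_ppm(fee_weth_based(amount, price), amount)
        token_ppm = effective_rate_ppm(fee_token_based(amount), amount)
        rows.append((label, weth_ppm, token_ppm))
    return rows


if __name__ == "__main__":
    one_token = 10**18
    sample_prices = {  # constructed sample prices: WETH per 1 token, 18 decimals
        "cheap (0.0001 WETH)": 10**14,
        "parity (1 WETH)": 10**18,
        "expensive (100 WETH)": 100 * 10**18,
    }
    for label, weth_ppm, token_ppm in compare(one_token, sample_prices):
        print(f"{label:22} WETH-based {weth_ppm:>8} ppm | token-based {token_ppm} ppm")
    # Small loan of a cheap token: the WETH-based fee truncates to zero.
    print("dust loan fee:", fee_weth_based(1_000, 10**14), "vs", fee_token_based(1_000))
```

Only at a price of exactly 1 WETH per token do the two formulas agree; the token-based rate stays at 30000 ppm for every price.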

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

flashloan with differing fees/prices for different decimal tokens
