Contest tags: Beginner Friendly, Foundry, DeFi, Oracle
Submission Details
Severity: high
Valid

Fee mechanism in `deposit` function in ThunderLoan contract is flawed.

Summary

Any liquidity provider can deposit an allowed token through the deposit function. In return they receive LP tokens (AssetToken) representing their share of the total deposited tokens.
The amount of tokens backing those shares is meant to grow only with the flash-loan activity of the protocol: each time a user borrows tokens through the flashloan function, a fee of 0.3% of the borrowed amount (s_flashLoanFee) must be paid to the protocol. Once that fee has arrived, the exchange rate between underlying tokens and LP tokens is updated, since the same number of LP tokens now represents a larger amount of tokens.

The current implementation also updates the exchange rate when a deposit is executed, which is problematic. Indeed, the deposit function executes these two lines:

uint256 calculatedFee = getCalculatedFee(token, amount);
assetToken.updateExchangeRate(calculatedFee);

The first line assigns to calculatedFee a value derived (among other inputs) from s_flashLoanFee, i.e. the fee a borrower would owe on a flash loan of amount. No flash loan is taking place here, so no such fee is ever collected: this is just a deposit.
The second line then raises the exchange rate as if that fee had been received, even though the AssetToken only holds the deposited amount. The rate therefore promises more underlying per LP token than the contract actually has.

Impact

The severity is HIGH because it breaks the protocol's core accounting. Currently, each time a liquidity provider deposits funds into the ThunderLoan contract, every LP token becomes worth more underlying tokens than it should, without any fee having entered the AssetToken.

For example, the first liquidity provider who deposits funds receives LP tokens at a 1:1 ratio (for an allowed token with 18 decimals, like the AssetToken), and the deposit itself then raises the exchange rate. So even though no flash loan has been executed, as soon as another liquidity provider deposits, the first liquidity provider can redeem more than they deposited. That surplus is not paid out of fees but out of the other provider's deposit, so the last provider to redeem finds the AssetToken holding less than their LP tokens are worth, and their redeem reverts. None of this is supposed to happen.
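To make the scenario above concrete, here is a constructed Python model of the deposit, redeem and updateExchangeRate accounting (an added illustration, not code from the ThunderLoan repository). It runs the two-LP scenario once with the rate update inside deposit (the current code) and once without it (the recommended fix), and also shows the legitimate path where a flash-loan fee actually arrives. Assumptions not stated on the page: the allowed token has 18 decimals and is priced 1:1 against WETH, so getCalculatedFee(amount) is exactly 0.3% of amount, and updateExchangeRate scales the rate by (totalSupply + fee) / totalSupply, which is how the AssetToken computes it.

```python
# Constructed Python model of ThunderLoan's deposit / redeem accounting.
# Added illustration, not code from the ThunderLoan repository.
# Assumptions: 18-decimal token priced 1:1 against WETH (so the fee is exactly
# 0.3% of the amount) and updateExchangeRate scaling the rate by
# (totalSupply + fee) / totalSupply.

PRECISION = 10**18           # EXCHANGE_RATE_PRECISION and FEE_PRECISION
FLASH_LOAN_FEE = 3 * 10**15  # s_flashLoanFee: 0.3% of the borrowed amount
WETH_PRICE = 10**18          # assumed token price in WETH (1:1)


class AssetToken:
    """LP token plus the pool of underlying that is supposed to back it."""

    def __init__(self):
        self.total_supply = 0           # LP tokens in circulation
        self.balances = {}              # LP tokens per provider
        self.underlying = 0             # underlying actually held by the AssetToken
        self.exchange_rate = PRECISION  # underlying per LP token, starts at 1:1

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def burn(self, frm, amount):
        if self.balances.get(frm, 0) < amount:
            raise ValueError("insufficient LP balance")
        self.balances[frm] -= amount
        self.total_supply -= amount

    def update_exchange_rate(self, fee):
        # Rate grows in proportion to the fee that is supposed to have been added.
        new_rate = self.exchange_rate * (self.total_supply + fee) // self.total_supply
        if new_rate <= self.exchange_rate:
            raise ValueError("exchange rate can only increase")
        self.exchange_rate = new_rate

    def transfer_underlying_to(self, to, amount):
        # An ERC20 transfer of more than the balance reverts; mirror that here.
        if amount > self.underlying:
            raise ValueError("AssetToken holds less underlying than requested")
        self.underlying -= amount
        return amount


class ThunderLoan:
    def __init__(self, update_rate_on_deposit):
        self.asset = AssetToken()
        # True reproduces the current deposit(); False is the recommended fix.
        self.update_rate_on_deposit = update_rate_on_deposit

    def get_calculated_fee(self, amount):
        value_in_weth = amount * WETH_PRICE // PRECISION
        return value_in_weth * FLASH_LOAN_FEE // PRECISION

    def deposit(self, lp, amount):
        mint_amount = amount * PRECISION // self.asset.exchange_rate
        self.asset.mint(lp, mint_amount)
        if self.update_rate_on_deposit:
            # The two lines the finding objects to: a fee is computed as if this
            # were a flash loan and the rate is raised, but no fee tokens arrive.
            fee = self.get_calculated_fee(amount)
            self.asset.update_exchange_rate(fee)
        self.asset.underlying += amount  # safeTransferFrom(lp, assetToken, amount)
        return mint_amount

    def flashloan_repaid(self, fee):
        # Legitimate path: the borrower repays principal plus fee into the
        # AssetToken, so the rate increase is backed by real tokens.
        self.asset.update_exchange_rate(fee)
        self.asset.underlying += fee

    def redeem(self, lp, lp_amount):
        amount_underlying = lp_amount * self.asset.exchange_rate // PRECISION
        # The contract burns then transfers; a failed transfer reverts both.
        self.asset.burn(lp, lp_amount)
        return self.asset.transfer_underlying_to(lp, amount_underlying)


def run_scenario(update_rate_on_deposit, flashloan_fee=0):
    """Alice and Bob each deposit 1000 tokens, optionally one flash loan pays a
    fee, then both redeem everything. Returns (alice_out, bob_out, final_rate);
    a redeem that would revert is reported as None."""
    loan = ThunderLoan(update_rate_on_deposit)
    alice_lp = loan.deposit("alice", 1000 * PRECISION)
    bob_lp = loan.deposit("bob", 1000 * PRECISION)
    if flashloan_fee:
        loan.flashloan_repaid(flashloan_fee)
    outs = []
    for lp, lp_amount in (("alice", alice_lp), ("bob", bob_lp)):
        try:
            outs.append(loan.redeem(lp, lp_amount))
        except ValueError:
            outs.append(None)
    return outs[0], outs[1], loan.asset.exchange_rate


if __name__ == "__main__":
    print("current deposit():", run_scenario(True))
    print("fixed deposit():  ", run_scenario(False))
    print("fixed + flashloan:", run_scenario(False, flashloan_fee=3 * PRECISION))
```

With the current deposit, Alice's first deposit alone pushes the rate to 1.003, Alice later withdraws more than her 1000 tokens, and Bob's redeem fails for lack of underlying. With the fix, both get back exactly what they put in, and the rate only moves when a flash-loan fee is actually paid into the AssetToken.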

Tools Used

Manual review and Foundry

Recommendations

The deposit function should not update the exchange rate. I therefore suggest removing the following two lines of code:

uint256 calculatedFee = getCalculatedFee(token, amount);
assetToken.updateExchangeRate(calculatedFee);

This way, liquidity providers who want to deposit funds into the protocol call deposit, which reads the current exchange rate, mints the correct amount of LP tokens, and finally transfers their tokens to the corresponding AssetToken contract. The exchange rate then only increases in the flash-loan path, where the fee is actually paid.

Updates

Lead Judging Commences

0xnevi (Lead Judge), over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

can't redeem because of the update exchange rate
