The Standard
DeFi, Hardhat
Prize pool: 20,000 USDC
Submission Details
Severity: low
Valid

A user can front-run distributeFees to earn more fees than anticipated

Summary

A user can front-run distributeFees to earn more fees than anticipated

Vulnerability Details

The function distributeFees splits the EUROs it receives from the manager pro rata across holders according to their TST positions. The EUROs are pulled from the manager inside the call, and each share is credited in the same transaction, using whatever TST balances exist at that moment:

    function distributeFees(uint256 _amount) external onlyManager {
        // snapshot of all staked TST, consolidated positions plus pending stakes
        uint256 tstTotal = getTstTotal();
        if (tstTotal > 0) {
            IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _amount);
            // consolidated positions earn their pro-rata share
            for (uint256 i = 0; i < holders.length; i++) {
                address _holder = holders[i];
                positions[_holder].EUROs += _amount * positions[_holder].TST / tstTotal;
            }
            // pending (not yet consolidated) stakes earn a share as well
            for (uint256 i = 0; i < pendingStakes.length; i++) {
                pendingStakes[i].EUROs += _amount * pendingStakes[i].TST / tstTotal;
            }
        }
    }

The problem is that the fee calculation is based on a holder's TST position at the time of the call. This opens the door to a front-running attack: a user who sees the manager's distributeFees transaction in the mempool can call increasePosition ahead of it. The attack works because fees are accrued even for positions that are still pending:

    for (uint256 i = 0; i < pendingStakes.length; i++) {
        pendingStakes[i].EUROs += _amount * pendingStakes[i].TST / tstTotal;
    }

This creates a scenario where a user can either call decreasePosition to rebalance their portfolio and then increase the TST position, or simply add more funds to their TST position, immediately before the manager calls distributeFees.

Exploit Scenario:

Let's assume the total TST across all holders (tstTotal) is 1,000 TST.
A user, Alice, initially holds 100 TST, which is 10% of the total TST.
The manager is about to distribute 100 EUROs as fees.

Before the distribution, Alice's share of the fees would be calculated as 10% of 100 EUROs (since she holds 10% of the total TST), which amounts to 10 EUROs.

Increasing TST Position: Alice anticipates the fee distribution and decides to increase her TST position just before the distributeFees call. She increases her TST holding by 150 TST, bringing her total to 250 TST.
New Total TST: The new total TST in the system is 1,150 TST.
Manager Calls distributeFees: The manager then calls distributeFees to distribute 100 EUROs.

After front-running the manager, Alice's stake is 250 of 1,150 TST, i.e. 250/1150 ≈ 21.74% of the total.

Her share of the 100 EUROs fee distribution is now approximately
21.74%×100= 21.74 EUROs.

Outcome
By front-running the distributeFees function, Alice has increased her fee share from 10 EUROs to approximately 21.74 EUROs.
This represents more than double the fees she would have received without increasing her position.

After receiving the higher fee, Alice can call decreasePosition after the deadline has passed to revert her TST holding back to its original level (or lower), thereby locking in her disproportionately high fee gain.

Impact

A user can earn more fees than expected due to front running

Tools Used

Manual review

Recommendations

Since the manager is trusted, add a manager-only function that pauses increasing/decreasing positions so that the manager can pause before calling distributeFees. An alternative mitigation would be to put decreasePosition requests in a queue, as is already done for increases, so that capital cannot be added and withdrawn around a single distribution.
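As an added example that is not part of the original finding or of The Standard's code base, the following JavaScript model reproduces the exploit scenario above and the pause mitigation from the recommendation. It uses BigInt so that division truncates the way Solidity's uint256 arithmetic does, and assumes 18-decimal units for TST and EUROs. The class and function names (LiquidationPoolModel, consolidatePendingStakes, aliceFees, the paused flag) are hypothetical; only increasePosition, decreasePosition, distributeFees, positions and pendingStakes correspond to identifiers on this page.

```javascript
// Added example (not code from The Standard's repository): a model of the
// fee-distribution accounting, with Solidity-style truncating integer math.
const WAD = 10n ** 18n; // 18-decimal token units, assumed for TST and EUROs

class LiquidationPoolModel {
  constructor() {
    this.positions = new Map(); // holder -> { TST, EUROs } (consolidated stakes)
    this.pendingStakes = [];    // [{ holder, TST, EUROs }] (not yet consolidated)
    this.paused = false;        // hypothetical manager-controlled pause (mitigation)
  }

  // Manager-only in a real contract; modelled here as a plain flag.
  setPaused(paused) { this.paused = paused; }

  // Mirrors increasePosition: the new stake is queued as pending, but it still
  // counts towards getTstTotal() and accrues fees in distributeFees().
  increasePosition(holder, tst) {
    if (this.paused) throw new Error("position changes are paused");
    this.pendingStakes.push({ holder, TST: tst, EUROs: 0n });
  }

  // Assumed consolidation step: pending stakes (with any fees they earned)
  // move into the holder's consolidated position.
  consolidatePendingStakes() {
    for (const stake of this.pendingStakes) {
      const pos = this.positions.get(stake.holder) ?? { TST: 0n, EUROs: 0n };
      pos.TST += stake.TST;
      pos.EUROs += stake.EUROs;
      this.positions.set(stake.holder, pos);
    }
    this.pendingStakes = [];
  }

  getTstTotal() {
    let total = 0n;
    for (const pos of this.positions.values()) total += pos.TST;
    for (const stake of this.pendingStakes) total += stake.TST;
    return total;
  }

  // Same pro-rata split as the contract's distributeFees: consolidated
  // positions and pending stakes are both credited against the current total.
  distributeFees(amount) {
    const tstTotal = this.getTstTotal();
    if (tstTotal === 0n) return;
    for (const pos of this.positions.values()) pos.EUROs += (amount * pos.TST) / tstTotal;
    for (const stake of this.pendingStakes) stake.EUROs += (amount * stake.TST) / tstTotal;
  }

  // Fees credited to a holder across consolidated and pending stakes.
  feesOf(holder) {
    let fees = this.positions.get(holder)?.EUROs ?? 0n;
    for (const stake of this.pendingStakes) if (stake.holder === holder) fees += stake.EUROs;
    return fees;
  }
}

// Runs the report's scenario: 1,000 TST staked in total, Alice holds 100 TST,
// and the manager distributes 100 EUROs. With `frontrun`, Alice queues another
// 150 TST just before the distribution; with `managerPauses`, the manager
// pauses position changes first, so her front-running transaction reverts.
function aliceFees({ frontrun = false, managerPauses = false } = {}) {
  const pool = new LiquidationPoolModel();
  pool.increasePosition("alice", 100n * WAD);
  pool.increasePosition("bob", 900n * WAD);
  pool.consolidatePendingStakes();

  if (managerPauses) pool.setPaused(true);
  if (frontrun) {
    try {
      pool.increasePosition("alice", 150n * WAD); // lands in pendingStakes
    } catch (e) {
      // reverted by the pause: Alice's stake stays at 100 TST
    }
  }

  pool.distributeFees(100n * WAD);
  return pool.feesOf("alice");
}

// Human-readable EUROs amount with four decimals.
function formatEuros(wei) {
  return `${wei / WAD}.${(wei % WAD).toString().padStart(18, "0").slice(0, 4)} EUROs`;
}

console.log("honest:           ", formatEuros(aliceFees()));
console.log("front-run:        ", formatEuros(aliceFees({ frontrun: true })));
console.log("front-run, paused:", formatEuros(aliceFees({ frontrun: true, managerPauses: true })));
```

Run it with node. The honest run credits Alice 10 EUROs, the front-run 21.7391 EUROs (integer truncation on the two separate shares, 100/1150 and 150/1150, shaves a few wei off the paper figure of 21.74), and the paused run 10 EUROs because the front-running increasePosition reverts before distributeFees is executed.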

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

frontrun-distrubutefees

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

frontrun-feedist-low
