The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

An attacker can manipulate the fee distribution in `LiquidationPoolManager::distributeFees` to claim most of the fees due to the use of `balanceOf()` in the fee calculation

Summary

An attacker can manipulate the fee distribution in `LiquidationPoolManager::distributeFees` to claim most of the fees due to the use of `balanceOf()` in the fee calculation:
uint256 _feesForPool = eurosToken.balanceOf(address(this)) * poolFeePercentage / HUNDRED_PC;

Vulnerability Details

uint256 _feesForPool = eurosToken.balanceOf(address(this)) * poolFeePercentage / HUNDRED_PC;
`_feesForPool` is derived from the contract's live EUROs balance, `eurosToken.balanceOf(address(this))`, rather than from a record of the fees actually collected. That balance is dynamic and can be changed by anything that moves EUROs into or out of the contract: if other functions in the contract alter its EUROs balance, or tokens are transferred to the contract directly, the amount treated as "fees" changes with it. This opens the possibility of a party inflating or deflating the balance just before `distributeFees` is called to affect how much is sent to the pool versus the protocol.

Impact

An attacker can inflate or deflate the contract's EUROs balance just before fees are distributed, changing the amounts that `distributeFees` sends to the pool and to the protocol.

Tools Used

Manual Review

Recommendations

Instead of relying on the contract's token balance to calculate fees, maintain separate fee accounting within the contract: a dedicated state variable that tracks the amount of fees accrued, increased whenever fees are collected and reset when they are distributed. `distributeFees` then reads this variable instead of the contract's entire token balance, so EUROs that reach the contract by any other route never enter the fee split.
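To make the difference concrete, the following is an added example and not The Standard's code. It places the balance-driven split quoted above beside a ledger-driven version. The contract and function names (`FeeSplitBase`, `BalanceBasedFees`, `LedgerBasedFees`, `collectFees`, `strayBalance`) are hypothetical, the `HUNDRED_PC = 100000` scale is assumed, and the pool side is simplified to a plain transfer rather than the pool's own distribution call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the project's code. All contract and function names
// are hypothetical; HUNDRED_PC and the pool/protocol split are assumptions.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Shared wiring for both variants: token, recipients and the pool percentage.
abstract contract FeeSplitBase {
    uint32 public constant HUNDRED_PC = 100000; // assumed scale: 100% == 100000
    IERC20 public immutable eurosToken;
    address public immutable pool;
    address public immutable protocol;
    uint32 public immutable poolFeePercentage;

    constructor(IERC20 _eurosToken, address _pool, address _protocol, uint32 _poolFeePercentage) {
        require(_poolFeePercentage <= HUNDRED_PC, "percentage above 100%");
        eurosToken = _eurosToken;
        pool = _pool;
        protocol = _protocol;
        poolFeePercentage = _poolFeePercentage;
    }

    function _send(address to, uint256 amount) internal {
        if (amount > 0) require(eurosToken.transfer(to, amount), "transfer failed");
    }
}

/// The pattern described in the finding: the pool share is sized from the
/// live token balance, so any EUROs that land here before the call, by any
/// route, are treated as fees.
contract BalanceBasedFees is FeeSplitBase {
    constructor(IERC20 t, address p, address pr, uint32 pct) FeeSplitBase(t, p, pr, pct) {}

    function distributeFees() external {
        uint256 _feesForPool = eurosToken.balanceOf(address(this)) * poolFeePercentage / HUNDRED_PC;
        _send(pool, _feesForPool);
        _send(protocol, eurosToken.balanceOf(address(this)));
    }
}

/// The recommended pattern: an explicit ledger that only the fee-collection
/// path can increase. Tokens pushed in by a plain transfer never enter the split.
contract LedgerBasedFees is FeeSplitBase {
    uint256 public accruedFees;

    event FeesCollected(address indexed from, uint256 amount);
    event FeesDistributed(uint256 toPool, uint256 toProtocol);

    constructor(IERC20 t, address p, address pr, uint32 pct) FeeSplitBase(t, p, pr, pct) {}

    /// Fees must enter through this function (caller approves this contract first).
    function collectFees(uint256 amount) external {
        require(eurosToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        accruedFees += amount;
        emit FeesCollected(msg.sender, amount);
    }

    function distributeFees() external {
        uint256 total = accruedFees;
        accruedFees = 0; // zero the ledger before any external call
        uint256 _feesForPool = total * poolFeePercentage / HUNDRED_PC;
        uint256 _feesForProtocol = total - _feesForPool;
        _send(pool, _feesForPool);
        _send(protocol, _feesForProtocol);
        emit FeesDistributed(_feesForPool, _feesForProtocol);
    }

    /// EUROs held beyond the ledger, i.e. sent directly rather than via collectFees.
    /// They are visible but are never distributed as fees.
    function strayBalance() external view returns (uint256) {
        return eurosToken.balanceOf(address(this)) - accruedFees;
    }
}
```

Walking through one scenario with `poolFeePercentage = 50000` (50%): suppose 100 EUROs arrive through the intended fee path and a further 100 are sent to the contract by a direct ERC-20 transfer. `BalanceBasedFees.distributeFees()` sees a balance of 200 and sends 100 to the pool and 100 to the protocol. `LedgerBasedFees.distributeFees()` sees `accruedFees == 100`, sends 50 to the pool and 50 to the protocol, and `strayBalance()` afterwards reports the 100 that bypassed `collectFees`. Whether stray tokens should be sweepable by governance is a separate design decision and is deliberately left out here.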

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags: informational/invalid
