Thunder Loan

AI First Flight #7

Beginner FriendlyFoundryDeFiOracle

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Exchange Rate Inflation in `deposit()` - Fee Calculated But Never Collected

muzammilmohammed678

Root + Impact

Description

The `deposit()` function calculates a fee using `getCalculatedFee()` and updates the exchange rate with this fee, but the fee is never actually collected from the user. The user only transfers the deposit amount, not the deposit amount plus the fee. This causes the exchange rate to artificially inflate without any corresponding fee payment, diluting the value of existing depositors' AssetTokens.

The `deposit()` function in both `ThunderLoan.sol` and `ThunderLoanUpgraded.sol` calculates a fee and updates the exchange rate, but never collects this fee:

```solidity

function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) {

AssetToken assetToken = s_tokenToAssetToken[token];

uint256 exchangeRate = assetToken.getExchangeRate();

uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate;

emit Deposit(msg.sender, token, amount);

assetToken.mint(msg.sender, mintAmount);

uint256 calculatedFee = getCalculatedFee(token, amount); // @> Fee is calculated
```
assetToken.updateExchangeRate(calculatedFee);  *// @> Exchange rate is updated with fee*
```
token.safeTransferFrom(msg.sender, address(assetToken), amount); // @> But only amount is transferred, not amount + fee

}

```

The exchange rate update formula in `AssetToken.updateExchangeRate()` is:

```solidity

uint256 newExchangeRate = s_exchangeRate * (totalSupply() + fee) / totalSupply();

```

This formula assumes the fee has been added to the protocol's reserves, but since the fee is never collected, the exchange rate increases without any corresponding increase in underlying assets. This means:

1. New depositors get fewer AssetTokens than they should

2. Existing depositors' AssetTokens become worth less in underlying tokens than they should be

3. The protocol's accounting becomes incorrect

Risk

Likelihood:

* This occurs on every deposit transaction - the fee is calculated and exchange rate updated, but fee is never collected

* The issue is present in both the original `ThunderLoan.sol` and `ThunderLoanUpgraded.sol` contracts

* No special conditions are required - this is the normal execution path for deposits

Impact:

* Exchange rate artificially inflates without corresponding asset increase, diluting all depositors

* Protocol accounting becomes incorrect - exchange rate suggests more value exists than actually does

* Users who deposit later receive fewer AssetTokens than they should for their deposit amount

* Users who deposited earlier see their AssetToken value decrease relative to what they should receive

Proof of Concept

```solidity

// Scenario:

// 1. Initial state: totalSupply = 1000e18, exchangeRate = 1e18, underlying = 1000e18

// 2. User deposits 100e18 tokens

// 3. Fee calculated: 0.3e18 (example)

// 4. Exchange rate updated: newRate = 1e18 * (1000e18 + 0.3e18) / 1000e18 = 1.0003e18

// 5. But only 100e18 is transferred, not 100.3e18

// 6. Result: exchangeRate = 1.0003e18, but underlying = 1100e18 (not 1100.3e18)

// 7. When user redeems, they get: 100e18 * 1.0003e18 / 1e18 = 100.03e18 (but only 100e18 exists per their deposit)

// 8. This creates a deficit that affects all other depositors

```

Recommended Mitigation

Remove the fee calculation and exchange rate update from `deposit()`. Deposits should not generate fees - only flash loans should:

```diff

function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) {

AssetToken assetToken = s_tokenToAssetToken[token];

uint256 exchangeRate = assetToken.getExchangeRate();

uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate;

emit Deposit(msg.sender, token, amount);

assetToken.mint(msg.sender, mintAmount);

- uint256 calculatedFee = getCalculatedFee(token, amount);

- assetToken.updateExchangeRate(calculatedFee);

token.safeTransferFrom(msg.sender, address(assetToken), amount);

}

```

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 16 days ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Updating exchange rate on token deposit will inflate asset token's exchange rate faster than expected

# Summary Exchange rate for asset token is updated on deposit. This means users can deposit (which will increase exchange rate), and then immediately withdraw more underlying tokens than they deposited. # Details Per documentation: > Liquidity providers can deposit assets into ThunderLoan and be given AssetTokens in return. **These AssetTokens gain interest over time depending on how often people take out flash loans!** Asset tokens gain interest when people take out flash loans with the underlying tokens. In current version of ThunderLoan, exchange rate is also updated when user deposits underlying tokens. This does not match with documentation and will end up causing exchange rate to increase on deposit. This will allow anyone who deposits to immediately withdraw and get more tokens back than they deposited. Underlying of any asset token can be completely drained in this manner. # Filename `src/protocol/ThunderLoan.sol` # Permalinks https://github.com/Cyfrin/2023-11-Thunder-Loan/blob/8539c83865eb0d6149e4d70f37a35d9e72ac7404/src/protocol/ThunderLoan.sol#L153-L154 # Impact Users can deposit and immediately withdraw more funds. Since exchange rate is increased on deposit, they will withdraw more funds then they deposited without any flash loans being taken at all. # Recommendations It is recommended to not update exchange rate on deposits and updated it only when flash loans are taken, as per documentation. ```diff function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) { AssetToken assetToken = s_tokenToAssetToken[token]; uint256 exchangeRate = assetToken.getExchangeRate(); uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate; emit Deposit(msg.sender, token, amount); assetToken.mint(msg.sender, mintAmount); - uint256 calculatedFee = getCalculatedFee(token, amount); - assetToken.updateExchangeRate(calculatedFee); token.safeTransferFrom(msg.sender, address(assetToken), amount); } ``` # POC ```solidity function testExchangeRateUpdatedOnDeposit() public setAllowedToken { tokenA.mint(liquidityProvider, AMOUNT); tokenA.mint(user, AMOUNT); // deposit some tokenA into ThunderLoan vm.startPrank(liquidityProvider); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); // another user also makes a deposit vm.startPrank(user); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); AssetToken assetToken = thunderLoan.getAssetFromToken(tokenA); // after a deposit, asset token's exchange rate has aleady increased // this is only supposed to happen when users take flash loans with underlying assertGt(assetToken.getExchangeRate(), 1 * assetToken.EXCHANGE_RATE_PRECISION()); // now liquidityProvider withdraws and gets more back because exchange // rate is increased but no flash loans were taken out yet // repeatedly doing this could drain all underlying for any asset token vm.startPrank(liquidityProvider); thunderLoan.redeem(tokenA, assetToken.balanceOf(liquidityProvider)); vm.stopPrank(); assertGt(tokenA.balanceOf(liquidityProvider), AMOUNT); } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!