Thunder Loan

AI First Flight #7

Beginner FriendlyFoundryDeFiOracle

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

deposit Uses Flash Loan Fee Formula to Inflate Exchange Rate — Depositors Receive Unearned Yield at Others' Expense

bamgboseoluwole83

Root + Impact

Description

Describe the normal behavior in one or more sentences
Explain the specific issue or problem in one or more sentences

# [H-#] `deposit` Uses Flash Loan Fee Formula to Inflate Exchange Rate — Depositors Receive Unearned Yield at Others' Expense

## Summary

The `deposit` function in `ThunderLoan.sol` incorrectly triggers a flash loan fee calculation logic sequence via `getCalculatedFee` during a normal liquidity addition operation. This computed fee is injected straight into `updateExchangeRate`, shifting the internal pool valuation metric upward as if a revenue-generating flash loan transaction occurred. Because a standard depositor adds baseline capital without paying an extra fee premium, this structural bug creates phantom yield out of thin air, permitting early depositors to siphon actual token balances from later pool entrants.

## Vulnerability Details

When evaluating a standard user entry inside `ThunderLoan.sol`, the implementation includes this erroneous fee interaction step:

```solidity

uint256 calculatedFee = getCalculatedFee(token, amount);

assetToken.updateExchangeRate(calculatedFee);

```

The underlying math formula inside `getCalculatedFee` is intentionally configured to penalize flash loan borrowers by checking external oracles and multiplying sizing parameters by a 0.3% flat rate protocol fee.

When a standard liquidity provider invokes `deposit`, they are simply providing token assets to secure corresponding pool shares. By calculating a borrow fee against this deposit principal and passing it into `updateExchangeRate`, the protocol increments the underlying exchange rate benchmark without receiving any corresponding token revenue. The pool's total implied value instantly eclipses its literal physical coin holdings. Existing share holders can immediately capitalize on this gap by withdrawing their capital at the newly inflated rate, extracting underlying tokens directly out of the pool's core reserves.

## Impact

**High.** The core automated accounting mechanism of the protocol is fundamentally broken. Early liquidity pool participants can exploit subsequent user deposits to reliably secure risk-free arbitrage profit, inducing economic insolvency and forcing late depositors to bear the structural financial deficit.

## Proof of Concept

Add the following test case to your suite to confirm the phantom fee inflation exploit:

```solidity

function test_DepositFeeInflation() public {

// 1. First depositor (Alice) enters the blank pool normally

vm.startPrank(alice);

token.approve(address(tl), 1000e18);

tl.deposit(token, 1000e18);

vm.stopPrank();

// Verify that phantom valuation inflation has immediately outpaced physical assets

uint256 impliedValue = assetToken.getExchangeRate() * assetToken.totalSupply() / 1e18;

uint256 actualBalance = token.balanceOf(address(assetToken));

assertGt(impliedValue, actualBalance);

// 2. Secondary depositor (Bob) adds liquidity and gets heavily diluted by the phantom rate

vm.startPrank(bob);

token.approve(address(tl), 1000e18);

uint256 bobShares = tl.deposit(token, 1000e18);

vm.stopPrank();

// 3. Alice immediately redeems her original share balance to cash out unearned yield

vm.startPrank(alice);

uint256 aliceShares = assetToken.balanceOf(alice);

uint256 aliceRedeemed = tl.redeem(token, aliceShares);

vm.stopPrank();

// Assert that Alice successfully extracted unearned profit at Bob's expense

assertGt(aliceRedeemed, 1000e18);

console.log("Value stolen from subsequent depositor:", aliceRedeemed - 1000e18);

}

```

## Tools Used

* Manual Code Review

## Recommendations

Completely eliminate the `getCalculatedFee` invocation and its corresponding `updateExchangeRate` callback statement from the standard user `deposit` function logic chain. Exchange rate adjustments should only execute when real, realized fees flow into the protocol from completed flash loan lifecycles:

```solidity

function deposit(IERC20 token, uint256 amount) external {

// 1. Maintain structural validation checks

// ...

// @audit-issue REMOVE: Do not call flash loan fee updates during normal liquidity deposits

// uint256 calculatedFee = getCalculatedFee(token, amount);

// assetToken.updateExchangeRate(calculatedFee);

// 2. Perform direct token minting and transfer routing

assetToken.mint(msg.sender, mintAmount);

assetToken.transferUnderlyingTo(msg.sender, amount);

}

```

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

Reason 1 // Describe WHEN this will occur (avoid using "if" statements)
Reason 2

Impact:

Impact 1
Impact 2

Proof of Concept

Recommended Mitigation

- remove this code

+ add this code

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-02] Updating exchange rate on token deposit will inflate asset token's exchange rate faster than expected

# Summary Exchange rate for asset token is updated on deposit. This means users can deposit (which will increase exchange rate), and then immediately withdraw more underlying tokens than they deposited. # Details Per documentation: > Liquidity providers can deposit assets into ThunderLoan and be given AssetTokens in return. **These AssetTokens gain interest over time depending on how often people take out flash loans!** Asset tokens gain interest when people take out flash loans with the underlying tokens. In current version of ThunderLoan, exchange rate is also updated when user deposits underlying tokens. This does not match with documentation and will end up causing exchange rate to increase on deposit. This will allow anyone who deposits to immediately withdraw and get more tokens back than they deposited. Underlying of any asset token can be completely drained in this manner. # Filename `src/protocol/ThunderLoan.sol` # Permalinks https://github.com/Cyfrin/2023-11-Thunder-Loan/blob/8539c83865eb0d6149e4d70f37a35d9e72ac7404/src/protocol/ThunderLoan.sol#L153-L154 # Impact Users can deposit and immediately withdraw more funds. Since exchange rate is increased on deposit, they will withdraw more funds then they deposited without any flash loans being taken at all. # Recommendations It is recommended to not update exchange rate on deposits and updated it only when flash loans are taken, as per documentation. ```diff function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) { AssetToken assetToken = s_tokenToAssetToken[token]; uint256 exchangeRate = assetToken.getExchangeRate(); uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate; emit Deposit(msg.sender, token, amount); assetToken.mint(msg.sender, mintAmount); - uint256 calculatedFee = getCalculatedFee(token, amount); - assetToken.updateExchangeRate(calculatedFee); token.safeTransferFrom(msg.sender, address(assetToken), amount); } ``` # POC ```solidity function testExchangeRateUpdatedOnDeposit() public setAllowedToken { tokenA.mint(liquidityProvider, AMOUNT); tokenA.mint(user, AMOUNT); // deposit some tokenA into ThunderLoan vm.startPrank(liquidityProvider); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); // another user also makes a deposit vm.startPrank(user); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); AssetToken assetToken = thunderLoan.getAssetFromToken(tokenA); // after a deposit, asset token's exchange rate has aleady increased // this is only supposed to happen when users take flash loans with underlying assertGt(assetToken.getExchangeRate(), 1 * assetToken.EXCHANGE_RATE_PRECISION()); // now liquidityProvider withdraws and gets more back because exchange // rate is increased but no flash loans were taken out yet // repeatedly doing this could drain all underlying for any asset token vm.startPrank(liquidityProvider); thunderLoan.redeem(tokenA, assetToken.balanceOf(liquidityProvider)); vm.stopPrank(); assertGt(tokenA.balanceOf(liquidityProvider), AMOUNT); } ```

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!