deposit() inflates exchange rate without backing — drains later LP deposits
Title: deposit() inflates exchange rate without backing — drains later LP deposits
Impact: High. First depositor extracts value from all subsequent LP deposits.
Likelihood: High. Deterministic — every deposit in original ThunderLoan triggers inflation.
Reference Files: repos/src/protocol/ThunderLoan.sol:147-156, repos/src/protocol/AssetToken.sol:80-96
Description
Original deposit() calls assetToken.updateExchangeRate(calculatedFee) treating the user's deposit amount as if it were a flash loan fee. The exchange rate formula in AssetToken multiplies by (totalSupply + fee) / totalSupply, increasing the rate. However, this calculatedFee is a virtual number — no actual fee tokens are collected at this point because safeTransferFrom runs after the rate update. The rate rises based on imagined revenue, and later depositors receive fewer AssetTokens per underlying token. ThunderLoanUpgraded correctly removes the updateExchangeRate call from deposit().
Because updateExchangeRate in AssetToken is onlyThunderLoan and uses totalSupply() in its formula, the inflation is proportional to the deposit size relative to existing supply — the first depositor captures the maximum benefit.
Risk
Impact: High. The first depositor for any token pair can extract value from every subsequent LP. The attacker deposits, rate inflates on virtual fees, later LPs get proportionally fewer AssetTokens, and the attacker redeems at the inflated rate, pocketing the difference from victim deposits.
Likelihood: High. The attack requires only being first to deposit for a token — a front-run or simply deploying before others. The bug exists in every call to the original deposit().
With a 100 ETH attacker deposit and 10,000 ETH in subsequent victim deposits, the attacker's redemption extracts approximately 30 ETH from victims — the 0.3% virtual fee multiplied across the victim pool.
Proof of Concept
Even a single 1-wei deposit inflates the exchange rate above the starting value of 1e18, confirming the bug is triggered on every deposit call.
Recommended Mitigation
Remove updateExchangeRate from deposit() — as already done in ThunderLoanUpgraded. The exchange rate should only increase when real flash loan fees are collected during flashloan() execution, where the fee actually arrives before the rate is updated.
Lead Judging Commences
[H-02] Updating exchange rate on token deposit will inflate asset token's exchange rate faster than expected
# Summary Exchange rate for asset token is updated on deposit. This means users can deposit (which will increase exchange rate), and then immediately withdraw more underlying tokens than they deposited. # Details Per documentation: > Liquidity providers can deposit assets into ThunderLoan and be given AssetTokens in return. **These AssetTokens gain interest over time depending on how often people take out flash loans!** Asset tokens gain interest when people take out flash loans with the underlying tokens. In current version of ThunderLoan, exchange rate is also updated when user deposits underlying tokens. This does not match with documentation and will end up causing exchange rate to increase on deposit. This will allow anyone who deposits to immediately withdraw and get more tokens back than they deposited. Underlying of any asset token can be completely drained in this manner. # Filename `src/protocol/ThunderLoan.sol` # Permalinks https://github.com/Cyfrin/2023-11-Thunder-Loan/blob/8539c83865eb0d6149e4d70f37a35d9e72ac7404/src/protocol/ThunderLoan.sol#L153-L154 # Impact Users can deposit and immediately withdraw more funds. Since exchange rate is increased on deposit, they will withdraw more funds then they deposited without any flash loans being taken at all. # Recommendations It is recommended to not update exchange rate on deposits and updated it only when flash loans are taken, as per documentation. ```diff function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) { AssetToken assetToken = s_tokenToAssetToken[token]; uint256 exchangeRate = assetToken.getExchangeRate(); uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate; emit Deposit(msg.sender, token, amount); assetToken.mint(msg.sender, mintAmount); - uint256 calculatedFee = getCalculatedFee(token, amount); - assetToken.updateExchangeRate(calculatedFee); token.safeTransferFrom(msg.sender, address(assetToken), amount); } ``` # POC ```solidity function testExchangeRateUpdatedOnDeposit() public setAllowedToken { tokenA.mint(liquidityProvider, AMOUNT); tokenA.mint(user, AMOUNT); // deposit some tokenA into ThunderLoan vm.startPrank(liquidityProvider); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); // another user also makes a deposit vm.startPrank(user); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); AssetToken assetToken = thunderLoan.getAssetFromToken(tokenA); // after a deposit, asset token's exchange rate has aleady increased // this is only supposed to happen when users take flash loans with underlying assertGt(assetToken.getExchangeRate(), 1 * assetToken.EXCHANGE_RATE_PRECISION()); // now liquidityProvider withdraws and gets more back because exchange // rate is increased but no flash loans were taken out yet // repeatedly doing this could drain all underlying for any asset token vm.startPrank(liquidityProvider); thunderLoan.redeem(tokenA, assetToken.balanceOf(liquidityProvider)); vm.stopPrank(); assertGt(tokenA.balanceOf(liquidityProvider), AMOUNT); } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.