deposit() incorrectly calls updateExchangeRate() causing depositors to receive fewer AssetTokens than expected
Root + Impact
In ThunderLoan.deposit(), the function calls updateExchangeRate(fee) after minting AssetTokens to the depositor. This artificially inflates the exchange rate immediately after minting, meaning the depositor receives AssetTokens calculated at the old (lower) rate but the rate increases right away. When they later call redeem(), they get less underlying tokens than they deposited. Additionally, deposit() is not a flash loan operation and should never charge a fee.
Description
ThunderLoan protocol allows liquidity providers to deposit tokens and receive AssetTokens representing their share. The exchange rate between AssetTokens and underlying tokens should only increase when flash loan fees are collected. However, deposit() incorrectly calls updateExchangeRate(fee) after minting AssetTokens to the depositor. This means the exchange rate artificially increases immediately after every deposit, even though no flash loan occurred. As a result, the new depositor receives AssetTokens calculated at the pre-deposit rate, but when they call redeem(), the inflated rate causes them to receive fewer underlying tokens than they originally deposited, effectively losing funds. This is a design flaw where depositors are incorrectly charged a fee.
Risk
Likelihood:
Every time a liquidity provider calls deposit(), the exchange rate is incorrectly updated.
This happens on every single deposit without any special conditions required.
Impact:
Depositors receive fewer AssetTokens than they should relative to their deposit amount.
When they call redeem(), they receive less underlying tokens than they originally deposited, causing direct financial loss.
The protocol incorrectly charges fees on deposits which are not flash loan operations.
Proof of Concept
Add the following test to ThunderLoanTest.t.sol and run:
forge test --match-test testDepositUpdateExchangeRateHurtsDepositors -vvvv
Recommended Mitigation
Remove the updateExchangeRate() call from deposit(). The exchange rate should only be updated during flash loans when fees are actually collected, not during regular deposits.
Lead Judging Commences
[H-02] Updating exchange rate on token deposit will inflate asset token's exchange rate faster than expected
# Summary Exchange rate for asset token is updated on deposit. This means users can deposit (which will increase exchange rate), and then immediately withdraw more underlying tokens than they deposited. # Details Per documentation: > Liquidity providers can deposit assets into ThunderLoan and be given AssetTokens in return. **These AssetTokens gain interest over time depending on how often people take out flash loans!** Asset tokens gain interest when people take out flash loans with the underlying tokens. In current version of ThunderLoan, exchange rate is also updated when user deposits underlying tokens. This does not match with documentation and will end up causing exchange rate to increase on deposit. This will allow anyone who deposits to immediately withdraw and get more tokens back than they deposited. Underlying of any asset token can be completely drained in this manner. # Filename `src/protocol/ThunderLoan.sol` # Permalinks https://github.com/Cyfrin/2023-11-Thunder-Loan/blob/8539c83865eb0d6149e4d70f37a35d9e72ac7404/src/protocol/ThunderLoan.sol#L153-L154 # Impact Users can deposit and immediately withdraw more funds. Since exchange rate is increased on deposit, they will withdraw more funds then they deposited without any flash loans being taken at all. # Recommendations It is recommended to not update exchange rate on deposits and updated it only when flash loans are taken, as per documentation. ```diff function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) { AssetToken assetToken = s_tokenToAssetToken[token]; uint256 exchangeRate = assetToken.getExchangeRate(); uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate; emit Deposit(msg.sender, token, amount); assetToken.mint(msg.sender, mintAmount); - uint256 calculatedFee = getCalculatedFee(token, amount); - assetToken.updateExchangeRate(calculatedFee); token.safeTransferFrom(msg.sender, address(assetToken), amount); } ``` # POC ```solidity function testExchangeRateUpdatedOnDeposit() public setAllowedToken { tokenA.mint(liquidityProvider, AMOUNT); tokenA.mint(user, AMOUNT); // deposit some tokenA into ThunderLoan vm.startPrank(liquidityProvider); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); // another user also makes a deposit vm.startPrank(user); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); AssetToken assetToken = thunderLoan.getAssetFromToken(tokenA); // after a deposit, asset token's exchange rate has aleady increased // this is only supposed to happen when users take flash loans with underlying assertGt(assetToken.getExchangeRate(), 1 * assetToken.EXCHANGE_RATE_PRECISION()); // now liquidityProvider withdraws and gets more back because exchange // rate is increased but no flash loans were taken out yet // repeatedly doing this could drain all underlying for any asset token vm.startPrank(liquidityProvider); thunderLoan.redeem(tokenA, assetToken.balanceOf(liquidityProvider)); vm.stopPrank(); assertGt(tokenA.balanceOf(liquidityProvider), AMOUNT); } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.