Thunder Loan

AI First Flight #7
Beginner FriendlyFoundryDeFiOracle
EXP
View results
Submission Details
Severity: high
Valid

# `deposit()` inflates the exchange rate as if a fee was earned, making liquidity unredeemable

deposit() inflates the exchange rate as if a fee was earned, making liquidity unredeemable

Severity: High · Impact: High · Likelihood: High

Description

  • The AssetToken exchange rate should only rise when the pool actually earns flash-loan fees — that is what represents interest accruing to LPs, and the rate governs how much underlying each AssetToken redeems for.

  • ThunderLoan.deposit() calls assetToken.updateExchangeRate(calculatedFee) on every deposit, bumping the rate as though a fee had been collected. But a deposit brings in only principal, not a fee, so the rate now claims each AssetToken is worth more underlying than the pool actually holds.

function deposit(IERC20 token, uint256 amount) external ... {
AssetToken assetToken = s_tokenToAssetToken[token];
...
assetToken.mint(msg.sender, mintAmount);
uint256 calculatedFee = getCalculatedFee(token, amount);
@> assetToken.updateExchangeRate(calculatedFee); // raises the rate with no fee actually earned
token.safeTransferFrom(msg.sender, address(assetToken), amount);
}

Risk

Likelihood:

  • Occurs on every single deposit() — the inflation is unconditional and compounds with each deposit.

Impact:

  • The exchange rate exceeds the pool's real backing, so redemptions compute more underlying than exists: early redeemers over-withdraw and the last LPs cannot redeem at all (their redeem() reverts for insufficient balance) — funds are permanently stuck / the pool is rendered insolvent.

Proof of Concept

Save the block below as test/PocH3.t.sol and run forge test --mt test_plain_deposit_inflates_rate_and_blocks_redeem -vv. A single deposit raises the rate from 1e18 to 1.003e18, and the depositor cannot even redeem their own deposit.

// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;
import { Test, console } from "forge-std/Test.sol";
import { ThunderLoan } from "../src/protocol/ThunderLoan.sol";
import { AssetToken } from "../src/protocol/AssetToken.sol";
import { ERC20Mock } from "@openzeppelin/contracts/mocks/ERC20Mock.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { MockPoolFactory } from "./mocks/MockPoolFactory.sol";
import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
contract PocH3 is Test {
ThunderLoan thunderLoan;
ERC20Mock token;
address lp = makeAddr("lp");
function setUp() public {
ThunderLoan impl = new ThunderLoan();
MockPoolFactory factory = new MockPoolFactory();
token = new ERC20Mock();
factory.createPool(address(token));
ERC1967Proxy proxy = new ERC1967Proxy(address(impl), "");
thunderLoan = ThunderLoan(address(proxy));
thunderLoan.initialize(address(factory));
thunderLoan.setAllowedToken(IERC20(address(token)), true);
}
function test_plain_deposit_inflates_rate_and_blocks_redeem() public {
AssetToken assetToken = thunderLoan.getAssetFromToken(IERC20(address(token)));
assertEq(assetToken.getExchangeRate(), 1e18);
uint256 amount = 1000e18;
token.mint(lp, amount);
vm.startPrank(lp);
token.approve(address(thunderLoan), amount);
thunderLoan.deposit(IERC20(address(token)), amount); // NO flash loan occurred
vm.stopPrank();
console.log("rate after deposit:", assetToken.getExchangeRate()); // 1.003e18
assertGt(assetToken.getExchangeRate(), 1e18); // inflated with no backing
// Pool holds exactly `amount`, but the LP is now owed amount * 1.003 -> redeem reverts.
assertEq(token.balanceOf(address(assetToken)), amount);
vm.prank(lp);
vm.expectRevert();
thunderLoan.redeem(IERC20(address(token)), type(uint256).max);
}
}

Recommended Mitigation

Do not update the exchange rate on deposits; only flashloan() (which actually collects a fee) should raise it.

function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) {
AssetToken assetToken = s_tokenToAssetToken[token];
uint256 exchangeRate = assetToken.getExchangeRate();
uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate;
emit Deposit(msg.sender, token, amount);
assetToken.mint(msg.sender, mintAmount);
- uint256 calculatedFee = getCalculatedFee(token, amount);
- assetToken.updateExchangeRate(calculatedFee);
token.safeTransferFrom(msg.sender, address(assetToken), amount);
}

(Note: ThunderLoanUpgraded already removes this line, so the fix should also be applied to the current ThunderLoan contract.)

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-02] Updating exchange rate on token deposit will inflate asset token's exchange rate faster than expected

# Summary Exchange rate for asset token is updated on deposit. This means users can deposit (which will increase exchange rate), and then immediately withdraw more underlying tokens than they deposited. # Details Per documentation: > Liquidity providers can deposit assets into ThunderLoan and be given AssetTokens in return. **These AssetTokens gain interest over time depending on how often people take out flash loans!** Asset tokens gain interest when people take out flash loans with the underlying tokens. In current version of ThunderLoan, exchange rate is also updated when user deposits underlying tokens. This does not match with documentation and will end up causing exchange rate to increase on deposit. This will allow anyone who deposits to immediately withdraw and get more tokens back than they deposited. Underlying of any asset token can be completely drained in this manner. # Filename `src/protocol/ThunderLoan.sol` # Permalinks https://github.com/Cyfrin/2023-11-Thunder-Loan/blob/8539c83865eb0d6149e4d70f37a35d9e72ac7404/src/protocol/ThunderLoan.sol#L153-L154 # Impact Users can deposit and immediately withdraw more funds. Since exchange rate is increased on deposit, they will withdraw more funds then they deposited without any flash loans being taken at all. # Recommendations It is recommended to not update exchange rate on deposits and updated it only when flash loans are taken, as per documentation. ```diff function deposit(IERC20 token, uint256 amount) external revertIfZero(amount) revertIfNotAllowedToken(token) { AssetToken assetToken = s_tokenToAssetToken[token]; uint256 exchangeRate = assetToken.getExchangeRate(); uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate; emit Deposit(msg.sender, token, amount); assetToken.mint(msg.sender, mintAmount); - uint256 calculatedFee = getCalculatedFee(token, amount); - assetToken.updateExchangeRate(calculatedFee); token.safeTransferFrom(msg.sender, address(assetToken), amount); } ``` # POC ```solidity function testExchangeRateUpdatedOnDeposit() public setAllowedToken { tokenA.mint(liquidityProvider, AMOUNT); tokenA.mint(user, AMOUNT); // deposit some tokenA into ThunderLoan vm.startPrank(liquidityProvider); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); // another user also makes a deposit vm.startPrank(user); tokenA.approve(address(thunderLoan), AMOUNT); thunderLoan.deposit(tokenA, AMOUNT); vm.stopPrank(); AssetToken assetToken = thunderLoan.getAssetFromToken(tokenA); // after a deposit, asset token's exchange rate has aleady increased // this is only supposed to happen when users take flash loans with underlying assertGt(assetToken.getExchangeRate(), 1 * assetToken.EXCHANGE_RATE_PRECISION()); // now liquidityProvider withdraws and gets more back because exchange // rate is increased but no flash loans were taken out yet // repeatedly doing this could drain all underlying for any asset token vm.startPrank(liquidityProvider); thunderLoan.redeem(tokenA, assetToken.balanceOf(liquidityProvider)); vm.stopPrank(); assertGt(tokenA.balanceOf(liquidityProvider), AMOUNT); } ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!