lucas-manuel
commented
3 years ago We will change the name of this function to BPTVal_unsafe so onchain integrators are aware of this vulnerability.
Open code423n4 opened 3 years ago
lucas-manuel
commented
3 years ago We will change the name of this function to BPTVal_unsafe so onchain integrators are aware of this vulnerability.
lucas-manuel
commented
3 years ago Disagree with severity
Arachnid
commented
3 years ago Agree with Sponsors' reasoning for severity.
Handle
shw
Vulnerability details
Impact
In
library/PoolLib.sol, the return value of functionsBPTValandgetPoolSharesRequiredare vulnerable by flash-loan attacks. The attacker can inflate the results of these two functions by swapping a large amount ofliquidityAssetinto the pool and swaps back after the functions are called to deceive the pool contract that BPT has a relatively high price.Although currently
BPTValis not used andgetPoolSharesRequiredonly affects the required staking amounts of token for a pool delegate, the code is vulnerable and could be misused by anyone in the future.Proof of Concept
In the function
BPTVal, the value of BPT in units of liquidityAsset is calculated directly from the balance ofliquidityAssetin the Balancer pool (PoolLib.sol#331). For functiongetPoolSharesRequired, the required BPT to be burned also depends on the current balance ofliquidityAssetin the pool.Tools Used
None
Recommended Mitigation Steps
Use the balance of
liquidityAssetin the previous block to eliminate the possibility of suffering from a flash-loan attack. A time-weight average price can also mitigate the problem.