An attacker can follow these steps to manipulate the exchange rate:
Just after VToken is deployed, mint the smallest amount of VTokens possible.
Transfer underling tokens directly to the contract to inflate the exchange rate, if any user now transfers tokens less than the value of exchangeRate the mintTokens value would be rounded down to zero.
redeem the VToken balance for the entire underlying token balance of the VToken contract.
The attacker would transfer a large amount of tokens in step 2 so that all the user transfers would round down to zero and later they can redeem all the underlying tokens from the contract.
The protocol owners can perform the initial deposit themselves with a small amount of underlying tokens and then burn the received VTokens by sending them to a dead address.
Lines of code
https://github.com/code-423n4/2023-05-venus/blob/main/contracts/VToken.sol#L776
Vulnerability details
Impact
Loss of user funds due to incorrect rounding
Details
The amount of VTokens minted to a user are based on the following calculations:
For a newly deployed
VToken
, the totalBorrows, badDebt and totalReserves would be zero, and the exchange rate would be equal to either of the one:initialExchangeRateMantissa
, in case totalSupply is zero.An attacker can follow these steps to manipulate the exchange rate:
mintTokens
value would be rounded down to zero.The attacker would transfer a large amount of tokens in step 2 so that all the user transfers would round down to zero and later they can redeem all the underlying tokens from the contract.
For more info: https://akshaysrivastav.hashnode.dev/first-deposit-bug-in-compoundv2-and-its-forks
Recommendation
The protocol owners can perform the initial deposit themselves with a small amount of underlying tokens and then burn the received VTokens by sending them to a dead address.
Assessed type
Math