code423n4 commented 1 year ago

Lines of code

Vulnerability details

If 100% of the total supply of an EUSDShare token is locked in an external protocol, there are multiple ways to take control of all the EUSDShare tokens.
- If the protocol provides a flashloan, that's the simplest way. One can simply flashloan all the EUSD tokens.
- If it's a lending protocol, all the EUSDShare tokens can be borrowed.
- If it's an AMM, all the EUSDShare tokens can be swapped out to execute this attack.
Let's show you how an attacker would go about executing this attack for a protocol that offers flashloans:
- Flashloan all the EUSDShare that are available from the protocol.
- Redeem all the EUSDShare for underlying tokens.
- This results in resetting the share price. Now that the total supply is zero, the EUSDShare gets minted 1:1.
- Using the new share price, mint the EUSDShare that are required and pay back the flash loan.
- This takes fewer underlying tokens than the attacker redeemed in the last step.
If the share price has grown to, let's say, 3:2 due to yield accruing, the attacker can reset the ratio to 1:1 and pocket the difference.

Burn 100 wei of shares when the totalSupply is zero to make this attack infeasible.

Token-Transfer

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality

kankodu commented 1 year ago

Maybe I didn't explain it right. Here's a good explanation of how this bug can materialise : https://twitter.com/kankodu/status/1685320718870032384