Closed code423n4 closed 1 year ago
https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/usd0/USDO.sol#L81-L94
```solidity
function flashLoan(
    IERC3156FlashBorrower receiver,
    address token,
    uint256 amount,
    bytes calldata data
) external override notPaused returns (bool) {
    // @audit re-enter and mint
    require(token == address(this), "USDO: token not valid");
    require(maxFlashLoan(token) >= amount, "USDO: amount too big");
    require(amount > 0, "USDO: amount not valid");
    uint256 fee = flashFee(token, amount);
    _mint(address(receiver), amount);

    require(
        receiver.onFlashLoan(msg.sender, token, amount, fee, data) ==
            FLASH_MINT_CALLBACK_SUCCESS,
        "USDO: failed"
    );
    ...
```
minhquanym marked the issue as duplicate of #1043
dmvt marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/usd0/USDO.sol#L81-L94
Vulnerability details
Impact
`maxFlashLoan` prevents flash minting more than specified amount but attacker can re-enter flash-mint from `onFlashLoan` to mint more and bypass checks.
Due to this breach, high enough flash mint could off balance the on chain liquidity.
Proof of Concept
N/A (covered in above section)
Tools Used
Manual Review
Recommended Mitigation Steps
Add Re-entrancy guard
Assessed type
Reentrancy
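The recommended mitigation, sketched as an added example (not code from the report or from the Tapioca repository): a self-contained flash-mint token whose `flashLoan` carries a reentrancy guard, so the `maxFlashLoan` check bounds the total outstanding at any moment rather than each nested call separately. The contract name, the cap value, the zero fee and the burn-based repayment step are assumptions; the page elides what follows the callback.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the audited USDO contract. Everything except the
// ERC-3156 function names (flashLoan, maxFlashLoan, flashFee, onFlashLoan)
// is an assumption made for this sketch.
interface IERC3156FlashBorrower {
    function onFlashLoan(address initiator, address token, uint256 amount, uint256 fee, bytes calldata data)
        external returns (bytes32);
}

contract GuardedFlashMint {
    bytes32 private constant CALLBACK_SUCCESS = keccak256("ERC3156FlashBorrower.onFlashLoan");
    uint256 public constant MAX_FLASH_MINT = 100_000 ether; // constructed cap
    uint256 private _entered = 1; // 1 = idle, 2 = a flashLoan is in progress

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    modifier nonReentrant() {
        require(_entered == 1, "reentrant call");
        _entered = 2;
        _;
        _entered = 1;
    }

    function maxFlashLoan(address token) public view returns (uint256) {
        return token == address(this) ? MAX_FLASH_MINT : 0;
    }

    function flashFee(address, uint256) public pure returns (uint256) { return 0; } // fee model assumed

    function flashLoan(IERC3156FlashBorrower receiver, address token, uint256 amount, bytes calldata data)
        external nonReentrant returns (bool)
    {
        require(token == address(this), "token not valid");
        require(amount > 0 && amount <= maxFlashLoan(token), "amount not valid");
        uint256 fee = flashFee(token, amount);
        _mint(address(receiver), amount);
        // A nested flashLoan call made from inside this callback now reverts,
        // so at most `amount` (<= cap) is outstanding at any time.
        require(receiver.onFlashLoan(msg.sender, token, amount, fee, data) == CALLBACK_SUCCESS, "failed");
        _burn(address(receiver), amount + fee); // repayment step assumed
        return true;
    }

    function _mint(address to, uint256 value) internal { balanceOf[to] += value; totalSupply += value; }
    function _burn(address from, uint256 value) internal { balanceOf[from] -= value; totalSupply -= value; }
}
```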