code-423n4 / 2023-09-venus-findings


Rebasing tokens can have a huge disruption impact on the state of the Prime Program #611

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L623-L639

Vulnerability details

Impact

In the markets of tokens in the Venus protocol, we might have some being powered by rebasing tokens. These are tokens that use elastic supply mechanisms, which means the amount of tokens in circulation depends on the supply and demand of the tokens in the ecosystem. An example of such a token is Ampleforth (AMPL), which initiates a rebase every 24 hours. The implementation of the markets to be qualified for the Prime Program can have a huge impact on the state of the contracts, which in turn will have an effect on how the rewards are distributed.

Proof of Concept

Tracking States: The state of the markets, which tracks how many scores all holders have based on their actions on the protocol, may greatly differ when the assets actually rebase, causing the contract's Market struct to use an incorrect state. This means that if the rebasing tokens actually increase the supply, or the borrow also increases, the score which the Prime Token contract stores will be either lower than the actual score or higher than the actual score.

This issue can also grow a lot higher than this. If you have a situation in which there are 1000+ Prime token holders who also supply rebasing tokens, it could have a high impact on the distribution of rewards throughout the Prime Program, as users who supply or borrow normal tokens can be greatly affected in this kind of situation.

    struct Market {
        uint256 supplyMultiplier;
        uint256 borrowMultiplier;
        uint256 rewardIndex;
        uint256 sumOfMembersScore;
        bool exists;
    }

Let's dive in deeper. These are some of the operations which can be affected by a rebasing effect:

    uint256 score = _calculateScore(market, account);
    interests[market][account].score = score;
    markets[market].sumOfMembersScore = markets[market].sumOfMembersScore + score;

Individual and Total Scores of Users: The total scores of all the Prime token holders will be affected by a rebase. This can affect individual user scores because the value of assets supplied and borrowed may fluctuate due to the rebasing mechanism. If the total supply of the asset increases significantly, it could lead to a decrease in individual scores, assuming other factors remain constant. The total sum of scores for all participants in the protocol may fluctuate as the total value of assets supplied and borrowed changes with the rebasing asset's supply adjustments.

User and Total Rewards Distributed: As the score, which is a major factor in determining how much reward each user gets, will be affected, it may impact the share of rewards users receive.

Recommended Mitigation Steps

This situation highlights a challenge when dealing with rebasing assets in DeFi protocols. The rebasing nature of tokens can lead to discrepancies between the tracked state and the actual value of assets. To address this, protocols need to implement mechanisms to account for and adjust scores and rewards based on the actual value of assets, especially when rebasing events occur. Or choose not to use rebasing tokens among the assets in the Venus protocol's markets, as the problems are much more than the advantages.

Assessed type

ERC20
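The stale-score effect described in the report above, as an added example that is not part of the original submission or the Venus code base. It is a toy model with assumptions: the score equals the supplied balance (a stand-in for `_calculateScore`), rewards are split pro rata by cached score, and all names and amounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Market:
    # Simplified mirror of the cached state in the report's Market struct.
    sum_of_members_score: int = 0
    scores: dict = field(default_factory=dict)    # cached, like interests[market][account].score
    balances: dict = field(default_factory=dict)  # live supplied amount; changes on rebase

def calculate_score(market, account):
    # ASSUMPTION: score == live balance (not the protocol's real formula).
    return market.balances[account]

def update_score(market, account):
    # Cache-and-sum pattern from the snippet: runs only when the account is touched.
    old = market.scores.get(account, 0)
    new = calculate_score(market, account)
    market.scores[account] = new
    market.sum_of_members_score += new - old

def rebase(market, numerator, denominator):
    # Elastic-supply adjustment: balances scale, cached scores are left untouched.
    for account in market.balances:
        market.balances[account] = market.balances[account] * numerator // denominator

def score_drift(market):
    # Monitoring check: live score minus cached score, per account and in total.
    per = {a: calculate_score(market, a) - market.scores.get(a, 0) for a in market.balances}
    return {a: d for a, d in per.items() if d}, sum(per.values())

def reward_share(market, account, reward):
    # ASSUMPTION: rewards are distributed pro rata by cached score.
    return reward * market.scores[account] // market.sum_of_members_score

def demo():
    m = Market(balances={"alice": 1000, "bob": 1000})  # constructed sample accounts
    for a in ("alice", "bob"):
        update_score(m, a)
    rebase(m, 11, 10)          # +10% supply expansion
    update_score(m, "alice")   # only alice interacts after the rebase
    drift, total = score_drift(m)
    return drift, total, reward_share(m, "alice", 2100), reward_share(m, "bob", 2100)

if __name__ == "__main__":
    print(demo())
```

Both accounts hold the same live balance after the rebase, yet the cached scores split the reward unevenly until the second account's score is refreshed; a non-empty drift map is the signal a monitor would alert on.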

c4-pre-sort commented 1 year ago

0xRobocop marked the issue as low quality report

0xRobocop commented 1 year ago

Consider QA

c4-judge commented 11 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)

fatherGoose1 commented 11 months ago

QA. Supporting rebasing tokens is a design decision.

c4-judge commented 11 months ago

fatherGoose1 marked the issue as grade-b