Judge has assessed an item in Issue #481 as 2 risk. The relevant finding follows:
5. Attacker can front-run the reward distribution from the GUILD token and steal newly added rewards
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L114-#L212
Vulnerability details
Every time notifyPnL() gets called, if the config has a part of the tokens distributed to guild, credit tokens will be distributed to guild holders:
This enables a well-known attack vector, in which the attacker will deposit peg tokens to get credit tokens, stake them, and unstake right after claiming the reward.
Impact
Users cannot claim the reward and profit like this every time; it depends a lot on other factors: the total credit tokens that can be minted by RateLimitedMinter, the total profit gained, ....., but the attack effectively steals part of the newly added rewards.
Recommendation
Rewards distributed by staking guild tokens should be distributed like credit token rebasing,
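Added example (not part of the report and not the project's code): a toy Python model of the distribution step, comparing an instant pro rata payout with one streamed over time. It assumes "like credit token rebasing" means releasing the reward linearly over a period; the class, function names, stake sizes, reward, 30-day period and 12-second hold are all constructed for illustration.

```python
from fractions import Fraction

class StakingPool:
    """Toy model. period=0 pays a reward at once (reported behaviour);
    period>0 streams it linearly (assumed meaning of the recommendation)."""
    def __init__(self, period=0):
        self.period, self.now, self.total = period, 0, 0
        self.acc = Fraction(0)   # cumulative reward per staked unit
        self.stakes = {}         # user -> (amount, acc when staked)
        self.streams = []        # (reward per second, end time)

    def advance(self, seconds):
        """Move time forward, crediting streamed rewards to current stakers."""
        end = self.now + seconds
        for rate, stop in self.streams:
            active = max(0, min(end, stop) - self.now)
            if self.total and active:
                self.acc += rate * active / self.total
        self.now = end

    def notify(self, reward):  # hypothetical stand-in for the distribution step
        if self.period:
            self.streams.append((Fraction(reward, self.period), self.now + self.period))
        elif self.total:
            self.acc += Fraction(reward, self.total)  # instant, pro rata

    def stake(self, user, amount):
        self.stakes[user] = (amount, self.acc)
        self.total += amount

    def unstake(self, user):
        amount, start = self.stakes.pop(user)
        self.total -= amount
        return amount * (self.acc - start)  # reward earned while staked

def late_staker_share(period, hold_seconds, reward=1_000):
    """Share of one reward taken by a staker who joins right before it is
    distributed and leaves hold_seconds later (all numbers constructed)."""
    pool = StakingPool(period)
    pool.stake("long_term", 1_000)
    pool.advance(86_400)
    pool.stake("late", 9_000)
    pool.notify(reward)
    pool.advance(hold_seconds)
    return pool.unstake("late") / reward

if __name__ == "__main__":
    print("instant :", late_staker_share(0, 12))
    print("streamed:", late_staker_share(30 * 86_400, 12))  # assumed 30-day period
```

With streaming, the late staker's share is proportional to the time the stake actually stays in the pool, so leaving right after the distribution call earns almost nothing.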