code-423n4 / 2024-02-spectra-findings


Flash Loan Griefing Leading to Gas Wastage and Congestion #292

Closed c4-bot-1 closed 8 months ago

c4-bot-1 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L609

Vulnerability details

Impact

Attackers can drain gas and congest the PrincipalToken contract by taking recurring flash loans without actual usage.

Proof of Concept

File: PrincipalToken.sol
609:     function flashLoan(
610:         IERC3156FlashBorrower _receiver,
611:         address _token,
612:         uint256 _amount,
613:         bytes calldata _data
614:     ) external override returns (bool) {
615:         if (_amount > maxFlashLoan(_token)) revert FlashLoanExceedsMaxAmount();
616: 
617:         uint256 fee = flashFee(_token, _amount);
618:         _updateFees(fee);
619: 
620:         // Initiate the flash loan by lending the requested IBT amount
621:         IERC20(ibt).safeTransfer(address(_receiver), _amount);
622: 
623:         // Execute the flash loan
624:         if (_receiver.onFlashLoan(msg.sender, _token, _amount, fee, _data) != ON_FLASH_LOAN)
625:             revert FlashLoanCallbackFailed();
626: 
627:         // Repay the debt + fee
628:         IERC20(ibt).safeTransferFrom(address(_receiver), address(this), _amount + fee);
629: 
630:         return true;
631:     }

Lines of Code

No mitigation for gas limits or recurrence caps when initiating flash loans.

Tools Used

Recommended Mitigation Steps

  1. Put a max borrower limit per block
  2. Require minimum borrow amounts
  3. Charge variable fee for repeat borrowers

Assessed type

Other
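A Python model of the control flow in the quoted `flashLoan()`, added here as an example; it is not part of the report or of the Spectra code base. The fee formula, the `maxFlashLoan` bound, the behaviour of `_updateFees`, the `Borrower` class and all balances are assumptions made for the model. It lets a reader trace what state each repeated call leaves behind, including the rollback when the callback or the repayment fails.

```python
import copy

ON_FLASH_LOAN = "ERC3156FlashBorrower.onFlashLoan"  # stand-in for the contract's constant

class Revert(Exception):
    """Models an EVM revert: every state change made by the call is undone."""

class Lender:
    def __init__(self, ibt_balance, fee_bps):
        self.balances = {"lender": ibt_balance}  # constructed IBT ledger
        self.allowance = {}                      # receiver name -> IBT approved to lender
        self.fee_bps = fee_bps                   # assumption: flat fee in basis points
        self.unclaimed_fees = 0

    def _transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def flash_loan(self, receiver, amount, data=b""):
        snapshot = copy.deepcopy((self.balances, self.allowance, self.unclaimed_fees))
        try:
            if amount > self.balances["lender"]:   # maxFlashLoan, assumed to be the full balance
                raise Revert("FlashLoanExceedsMaxAmount")
            fee = amount * self.fee_bps // 10_000  # flashFee, assumed formula
            self.unclaimed_fees += fee             # _updateFees, assumed to accrue the fee
            self._transfer("lender", receiver.name, amount)
            if receiver.on_flash_loan(self, amount, fee, data) != ON_FLASH_LOAN:
                raise Revert("FlashLoanCallbackFailed")
            owed = amount + fee                    # safeTransferFrom needs allowance and balance
            if self.allowance.get(receiver.name, 0) < owed:
                raise Revert("insufficient allowance")
            self.allowance[receiver.name] -= owed
            self._transfer(receiver.name, "lender", owed)
            return True
        except Revert:
            self.balances, self.allowance, self.unclaimed_fees = snapshot
            raise

class Borrower:
    """Hypothetical receiver that borrows and repays without using the funds."""
    def __init__(self, name, magic=ON_FLASH_LOAN):
        self.name, self.magic = name, magic

    def on_flash_loan(self, lender, amount, fee, data):
        lender.allowance[self.name] = amount + fee  # approve repayment
        return self.magic
```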

c4-pre-sort commented 9 months ago

gzeon-c4 marked the issue as insufficient quality report

gzeoneth commented 9 months ago

invalid

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid