In the method calculateMintAmount, fixed point arithmetic calculations are carried out to compute the inflation, which is subsequently subtracted from a constant (SCALE_FACTOR). Fixed point arithmetic always rounds down the results of its calculations, a potential vulnerability that might be exploited in a downgrade attack.
Here is how an attacker might exploit this: they'd make a deposit such that the inflation computation is not a whole number, causing the result to be rounded down. That means that the attacker's subsequent deposit would cause a decrease in inflation, potentially allowing more tokens to be minted off this decreased value.
// Calculate the percentage of value after the deposit
uint256 inflationPercentage = (SCALE_FACTOR * _newValueAdded) /
    (_currentValueInProtocol + _newValueAdded);
// Calculate the new supply
uint256 newEzETHSupply = (_existingEzETHSupply * SCALE_FACTOR) /
    (SCALE_FACTOR - inflationPercentage);
Tools Used
Recommended Mitigation Steps
To mitigate this risk, consider using a library for fixed point arithmetic that does not round down results or otherwise avoids the precision differences that could be exploited.
Additionally, you could implement a check to ensure that the inflation is only decreased by a legitimate deposit, rather than by a small crafted one aimed at exploiting the round-down effect of fixed point operations.
Another good security measure would be to limit the smallest possible deposit or consider implementing slippage protection in order to prevent individuals from benefiting inappropriately from such calculated deposits. This would help control the scope of potential manipulation.
Finally, you could also monitor unusual deposit patterns that may indicate that someone is attempting such manipulation, though this would be more reactive than preventative.
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Oracle/RenzoOracle.sol#L123-L149
Assessed type
Other
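An added example (not part of the submission or of the Renzo code base): the two divisions quoted above, reproduced in Python and compared with exact rational arithmetic, so the size and direction of the truncation can be checked for any deposit, including one split into several parts. Assumptions: SCALE_FACTOR is 10**18, the minted amount is the new supply minus the existing supply, and the function names and sample state are constructed for illustration.

```python
from fractions import Fraction

SCALE_FACTOR = 10**18  # assumed value; the page only names the constant


def mint_amount_floor(current_value, new_value, existing_supply):
    """The two divisions quoted above, with Solidity-style truncation (//)."""
    if current_value <= 0 or new_value <= 0:
        raise ValueError("sketch covers only a non-empty pool and a positive deposit")
    inflation = (SCALE_FACTOR * new_value) // (current_value + new_value)
    new_supply = (existing_supply * SCALE_FACTOR) // (SCALE_FACTOR - inflation)
    # Assumption: the minted amount is the growth in supply.
    return new_supply - existing_supply


def mint_amount_exact(current_value, new_value, existing_supply):
    """Same formula without rounding; it simplifies to supply * deposit / value."""
    return Fraction(existing_supply * new_value, current_value)


def rounding_gap(current_value, new_value, existing_supply):
    """Exact pro-rata share minus what the integer formula mints."""
    return (mint_amount_exact(current_value, new_value, existing_supply)
            - mint_amount_floor(current_value, new_value, existing_supply))


def split_deposit_total(current_value, existing_supply, parts):
    """Mint for consecutive deposits, updating value and supply after each one."""
    total = 0
    for part in parts:
        minted = mint_amount_floor(current_value, part, existing_supply)
        total += minted
        current_value += part
        existing_supply += minted
    return total


if __name__ == "__main__":
    # Constructed sample state, in wei-like units.
    value, supply = 1_000 * 10**18 + 7, 990 * 10**18 + 3
    for deposit in (1, 3, 10**9 + 1, 10**18, 333 * 10**18 + 1):
        print(deposit, mint_amount_floor(value, deposit, supply),
              float(rounding_gap(value, deposit, supply)))
```

The same comparison can be turned into a fuzz or invariant test in the contract's own test suite: the integer result should never exceed the exact pro-rata share, whether the deposit is made at once or in parts.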