code-423n4 / 2024-04-renzo-validation


Downgrade Attack Potential Due to Fixed Point Arithmetic #1060

Closed c4-bot-1 closed 5 months ago

c4-bot-1 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Oracle/RenzoOracle.sol#L123-L149

Vulnerability details

Impact

In the method calculateMintAmount, fixed point arithmetic calculations are carried out to result in inflation, which is subsequently subtracted from a constant (SCALE_FACTOR). Fixed point arithmetic always rounds down the results of its calculations, a potential vulnerability that might be exploited in a downgrade attack.

Here is how an attacker might exploit this: they'd make a deposit such that the inflation computation is not a whole number, hence causing rounding down to happen. That means that the attacker's subsequent deposit would cause a decrease in inflation, potentially allowing more tokens to be minted off this decreased value.

Proof of Concept

https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Oracle/RenzoOracle.sol#L123-L149

    // Calculate the percentage of value after the deposit
    uint256 inflationPercentage = (SCALE_FACTOR * _newValueAdded) /
        (_currentValueInProtocol + _newValueAdded);

    // Calculate the new supply
    uint256 newEzETHSupply = (_existingEzETHSupply * SCALE_FACTOR) /
        (SCALE_FACTOR - inflationPercentage);

Tools Used

Recommended Mitigation Steps

To mitigate this risk, consider using a library for fixed point arithmetic that does not round down results or otherwise avoids the precision differences that could be exploited.

Additionally, you could implement a check to ensure that the inflation is only decreased by a legitimate deposit, rather than by a small crafted one aimed at exploiting the round-down effect of fixed point operations.

Another good security measure would be to limit the smallest possible deposit or consider implementing slippage protection in order to prevent individuals from benefiting inappropriately from such calculated deposits. This would help control the scope of potential manipulation.

Finally, you could also monitor unusual deposit patterns that may indicate that someone is attempting such manipulation, though this would be more reactive than preventative.

Assessed type

Other

DadeKuma commented 5 months ago

Input is multiplied by SCALE_FACTOR to avoid this. Invalid due to insufficient proof.

DadeKuma commented 5 months ago

@howlbot reject
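
To check the rounding direction of the two quoted divisions, the following added example (not part of the thread or of the project's code) models them in Python with floor division and compares the result with exact rational arithmetic. The value `SCALE_FACTOR = 10**18`, the final subtraction that yields the minted amount, the function names and all sample balances are assumptions.

```python
from fractions import Fraction

SCALE_FACTOR = 10**18  # assumed value; the page names the constant but not its value


def mint_amount_fixed(current_value, new_value, existing_supply):
    """Mirror the two quoted divisions using uint256-style floor division."""
    inflation = (SCALE_FACTOR * new_value) // (current_value + new_value)
    new_supply = (existing_supply * SCALE_FACTOR) // (SCALE_FACTOR - inflation)
    # Assumed final step (not shown on the page): minted = new supply - old supply.
    return new_supply - existing_supply


def mint_amount_exact(current_value, new_value, existing_supply):
    """Same formula with no rounding: supply * new_value / current_value."""
    return Fraction(existing_supply * new_value, current_value)


def rounding_report(deposits, current_value, existing_supply):
    """Apply deposits in sequence; return (deposit, fixed, exact, shortfall) rows."""
    rows = []
    for d in deposits:
        fixed = mint_amount_fixed(current_value, d, existing_supply)
        exact = mint_amount_exact(current_value, d, existing_supply)
        rows.append((d, fixed, exact, exact - fixed))
        # Carry the state forward so later deposits see the rounded supply.
        current_value += d
        existing_supply += fixed
    return rows


if __name__ == "__main__":
    # Constructed sample state: 1000 ETH of value and 970 ezETH of supply, in wei.
    tvl, supply = 1000 * 10**18, 970 * 10**18
    # Constructed deposits, including tiny ones that force non-integer results.
    sample = [1, 3, 10**9 + 7, 10**18 + 1]
    for d, fixed, exact, short in rounding_report(sample, tvl, supply):
        print(f"deposit={d} minted={fixed} "
              f"exact={float(exact):.2f} shortfall={float(short):.2f}")
```

For any positive protocol value the shortfall is non-negative: flooring `inflationPercentage` enlarges the second divisor, so both divisions round the minted amount down relative to the exact share.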