Open hats-bug-reporter[bot] opened 3 months ago
Thank you for your submission.
That's an interesting finding. I tried to test the scenario you described with various setups and inputs but was unsuccessful. I wasn't able to withdraw the same amount of assets with a smaller amount of liquidity nor withdraw a slightly larger amount of assets with the same amount of liquidity.
Could you write a test (like this for example) proving the exploit or give the concrete setup and input data so it can be tested?
Invalid due to lack of valid proof of the vulnerability.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x1f8723a1839e4aca2cf586aa36fd70ccca364fca72be213b6369662a384c215b Severity: medium
Description: Description:
The
remove_liquidity_by_amounts
allows users to withdraw liquidity from a pool by specifying the desired withdrawal amounts of tokens. It will burns LP tokens and withdraws underlying tokens back to user.The part where converting
amounts
toshares_to_burn
is where the issue occured. Thisrated_compute_lp_amount_for_withdraw
call eventually goes tocompute_lp_amount_for_withdraw
.based on code above, the
checked_div
code rounds down, this will cause calculations to be in favor of the user instead of the protocol.In calculating the amount of shares to burn for amount of underlying tokens a user has to provide, it should round up. This is similar function logic with
previewWithdraw
in ERC4626, where it should be a rounding up.The rounding down in current
compute_lp_amount_for_withdraw
code could lead to the protocol burning slightly fewer shares than calculated. This translates to users receiving a slightly higher proportional value back from the pool for their withdrawn assets.Referring to Curve, the
previewWithdraw
which calculate number of shares which gets burned when withdrawing given amount of asset, is using a rounding up. Meanwhile in thiscompute_lp_amount_for_withdraw
the rounding is down.Scenario:
Using flashloan, user can deposit some amount of assets, get LP tokens with proportional share to what user deposits. Then they can proceed with withdrawing asset with
remove_liquidity_by_amounts
, by burning lesser share, they can repeatedly do this action until liquidity drained.Impact:
Due to rounding issue, user will burn less LP share for amount they withdraw, thus this can negatively impact the protocol's liquidity or balance. The impact will amplitude if the amount is larger.
Mitigation:
Implement rounding up in
compute_lp_amount_for_withdraw
to align with Curve's approach and common ERC4626.