Description
A discrepancy exists in the InvestToken contract’s withdraw and redeem functionalities that allows users to receive a disproportionate amount of assets (USDE) while retaining a portion of their shares (InvestToken). When using withdraw with maxWithdraw calculated, the user's assets are calculated as userTotalShare * previousPrice / (10 ** 18), but the amount of shares removed is calculated as userTotalShare * previousPrice / currentPrice, so the remaining shares are userTotalShare - userTotalShare * previousPrice / currentPrice = userTotalShare * (1 - previousPrice/currentPrice). Conversely, if the user utilizes the redeem function and redeems the maximum redeemable amount, they receive the same calculated asset amount (userTotalShare * previousPrice / (10 ** 18)) but fully redeem all shares.
Attack Scenario
If the user proceeds with withdrawal again with the remaining shares and repeats this operation until the end, the maximum amount of assets that can be received is as follows.
userTotalShare * previousPrice / (10 ** 18)
+ userTotalShare * (1 - previousPrice/currentPrice) * previousPrice / (10 ** 18)
+ userTotalShare * [(1 - previousPrice/currentPrice) ** 2] * previousPrice / (10 ** 18)
+ userTotalShare * [(1 - previousPrice/currentPrice) ** 3] * previousPrice / (10 ** 18)
+ ...
= userTotalShare * previousPrice / (10 ** 18) / [1 - (1 - previousPrice/currentPrice)]
= userTotalShare * currentPrice / (10 ** 18)
In this way, if a user deposits with currentPrice and then executes commitPrice to change currentPrice to nextPrice (nextPrice > currentPrice) and then withdraws, he will obtain more assets. This causes a loss of funds in the protocol.
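The series above can be checked numerically. The following Python model is an added example, not the InvestToken source: it encodes only the two formulas stated in this report, assumes previousPrice <= currentPrice, and its function names and sample prices (previousPrice 1.00, currentPrice 1.25) are constructed for illustration. The last function is an invariant that a fix can be regression-tested against.

```python
WAD = 10**18  # fixed-point scale used in the report's formulas


def withdraw_max(shares, previous_price, current_price):
    """withdraw(maxWithdraw) as described in the report: assets are valued at
    previousPrice, burned shares are converted at currentPrice.
    Returns (assets paid, leftover shares)."""
    assets = shares * previous_price // WAD
    burned = assets * WAD // current_price
    return assets, shares - burned


def redeem_max(shares, previous_price):
    """redeem(max) as described: same asset amount, every share burned."""
    return shares * previous_price // WAD, 0


def drain_by_withdraw(shares, previous_price, current_price):
    """Repeat withdraw(maxWithdraw) on the leftover shares until nothing more
    can be burned. Returns (total assets, leftover shares, rounds)."""
    total, rounds = 0, 0
    while shares > 0:
        assets, leftover = withdraw_max(shares, previous_price, current_price)
        if leftover == shares:  # rounding dust: no share burned, stop
            break
        total, shares, rounds = total + assets, leftover, rounds + 1
    return total, shares, rounds


def exit_paths_agree(shares, previous_price, current_price, tolerance=0):
    """Invariant for a fix: exiting through repeated withdraw must not pay
    more than redeeming the same shares once."""
    drained, _, _ = drain_by_withdraw(shares, previous_price, current_price)
    redeemed, _ = redeem_max(shares, previous_price)
    return drained - redeemed <= tolerance


if __name__ == "__main__":
    # Constructed sample: 1000 shares, previousPrice 1.00, currentPrice 1.25
    shares, prev, cur = 1000 * WAD, WAD, 125 * WAD // 100
    print("redeem      :", redeem_max(shares, prev))
    print("one withdraw:", withdraw_max(shares, prev, cur))
    print("drained     :", drain_by_withdraw(shares, prev, cur))
    print("paths agree :", exit_paths_agree(shares, prev, cur))
```

With the sample values the drained total converges to userTotalShare * currentPrice / (10 ** 18), matching the closed form above, while the redeem path pays userTotalShare * previousPrice / (10 ** 18).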
Attachments
Code Analysis: Demonstrating the calculation discrepancies in withdraw versus redeem.
Mathematical Justification: Series expansion example of the iterative extraction process using the discrepancy in share deduction, showcasing how an attacker can effectively extract userTotalShare * currentPrice / (10 ** 18) instead of a proportionate asset amount.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x9c0eb42c4cbd261b6c918bb510fe8772f9439a1db67823d1b31423f7cf664f7b
Severity: high