hats-finance / Possum-Labs--Portals--0xed8965d49b8aeca763447d56e6da7f4e0506b2d3

GNU General Public License v2.0

Exchange Rate in `Portal::SellPortalEnergy()` can be influenced by user resulting in more PSM tokens than deserved #72

Open hats-bug-reporter[bot] opened 11 months ago

hats-bug-reporter[bot] commented 11 months ago

Github username: @Dliteofficial
Twitter username: Dlite_official
Submission hash (on-chain): 0xc8b01888e717adcdc6068057a1a35ddb113e60bc4fddc98b8cb02f686987ea9e
Severity: medium

Description:

A user can influence the exchange rate in Portal::SellPortalEnergy() by depositing more PSM tokens to tip the scale in his favour and to reduce the number of portalEnergy required to get 1 PSM token.

Attack Scenario

This vulnerability is common with DeFi protocols that use the Constant Product formula. In this case, this formula is used to determine how much portalEnergy is needed to get 1 PSM (exchange rate). In the POC attached, you'd discover that the user needs 550 portalEnergy to get 1 unit of PSM. However, depending on how reduced he needs the exchange rate to be, in the POC, depositing 100_000 ether worth of PSM reduces the exchange rate to 137.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

Files:

PossumLabsCrypto commented 11 months ago

This is not a vulnerability.

All PSM sent to the Portal is automatically assumed by the LP. Of course, that directly impacts the exchange ratio.

However, there is no way of economically exploiting this because the "profit" of the attack is at maximum equal to the amount of PSM used to manipulate the LP price in the first place.
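The economics argued in this thread can be checked numerically. The following is an added example, not code from the Portal contract, the attached PoC, or either commenter. It assumes an x*y=k pool whose PSM reserve is the contract balance and whose portalEnergy reserve is derived as k / reserve; all function names are hypothetical, and the reserves are constructed so that the spot rate moves from 550 to 137 as quoted in the report.

```python
# Added illustration. The pool model and all numbers are assumptions
# (constructed), not taken from the Portal contract or the attached PoC.
WAD = 10**18  # 18-decimal token unit, the "ether" used in the report


def energy_reserve(psm_reserve: int, k: int) -> int:
    """Virtual portalEnergy reserve implied by x * y = k (assumed model)."""
    return k // psm_reserve


def spot_rate(psm_reserve: int, k: int) -> int:
    """portalEnergy needed per 1 PSM at the margin, rounded down."""
    return energy_reserve(psm_reserve, k) // psm_reserve


def psm_out(psm_reserve: int, k: int, energy_in: int) -> int:
    """PSM paid out for selling energy_in; floor division mimics Solidity."""
    return energy_in * psm_reserve // (energy_in + energy_reserve(psm_reserve, k))


def donation_net(psm_reserve: int, k: int, energy_in: int, donated: int) -> int:
    """Extra PSM received thanks to the donation, minus the donation itself."""
    before = psm_out(psm_reserve, k, energy_in)
    after = psm_out(psm_reserve + donated, k, energy_in)
    return after - before - donated


# Constructed pool: 100_000 PSM in reserve, k chosen so the rate starts at 550.
RESERVE = 100_000 * WAD
K = 550 * RESERVE * RESERVE
DONATION = 100_000 * WAD  # deposit size quoted in the report

if __name__ == "__main__":
    print("rate before:", spot_rate(RESERVE, K))
    print("rate after: ", spot_rate(RESERVE + DONATION, K))
    for energy in (10**3, 10**6, 10**9, 10**12):
        net = donation_net(RESERVE, K, energy * WAD, DONATION)
        print(f"sell {energy:>13} portalEnergy -> net {net / WAD:,.2f} PSM")
```

Under this model the payout curve has slope below 1 with respect to the PSM reserve, so the extra PSM received never exceeds the PSM deposited, whatever amount of portalEnergy is sold.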