Closed github-actions[bot] closed 1 year ago
Comment from Lead Watson
I don't believe there is actually a way to manipulate the exchange rate. Minting or redeeming shares keeps the exchange rate the same, because you mint/burn from total supply as well as updating totalBorrows and totalReserves. There isn't an attack I know of where a user could flash loan to change these values.
ctf_sec
medium
Underlying exchange rate can be manipulated in Compound (fork), which impacts the mint / redeem in SoftVault.sol
Summary
SoftVault cToken redeem can fail if there is a shortfall of the underlying token
Vulnerability Detail
In the current implementation, the Soft Vault relies on a Compound-based implementation to lend and redeem.
Note the function call:
https://github.com/compound-finance/compound-protocol/blob/a3214f67b73310d547e00fc578e8355911c9d376/contracts/CErc20.sol#L60
which calls:
https://github.com/compound-finance/compound-protocol/blob/a3214f67b73310d547e00fc578e8355911c9d376/contracts/CToken.sol#L456
which calls:
the amount token redeem is determined by:
which calls:
According to https://docs.compound.finance/v2/ctokens/#exchange-rate
Each cToken is convertible into an ever increasing quantity of the underlying asset, as interest accrues in the market. The exchange rate between a cToken and the underlying asset is equal to:
Given there is no slippage control or deadline check on cToken.redeem, a transaction that lands before the SoftVault.sol.withdraw transaction can change the exchangeRate and affect the amount redeemed.
For example, the user means to call SoftVault.sol#withdraw at an exchange rate of 100000 units, but a user intentionally or unintentionally executes the redeem / mint function, which changes the exchangeRate, and the user has to redeem at an exchange rate of less than 100000 units.
Impact
Exchange rate manipulation or fluctuation impacting cToken mint / redeem
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/vault/SoftVault.sol#L88-L123
Tool used
Manual Review
Recommendation
We recommend the protocol add a deadline check and a slippage check to avoid exchange rate manipulation.
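Added example (not code from the issue, from Blueberry or from Compound): a small integer model of a Compound-style cToken market built from the exchange-rate definition the issue links to, `exchangeRate = (cash + totalBorrows - totalReserves) / totalSupply`. It shows what mint and redeem do to the rate, what interest accrual does to it, what happens on a cash shortfall, and how a `minUnderlyingOut` / `deadline` guard of the kind the recommendation asks for would bound a withdraw. All names (`CTokenMarket`, `withdraw_with_checks`, `simulate`) and the sample market figures are assumptions made for this example.

```python
from dataclasses import dataclass

MANTISSA = 10**18  # Compound-style fixed point: 10**18 represents 1.0


class Shortfall(Exception):
    """Raised when the market holds less cash than a redeem needs."""


@dataclass
class CTokenMarket:
    """Minimal cToken market model (assumed for this example, not Compound's code)."""
    cash: int            # underlying currently held by the market
    total_borrows: int   # underlying lent out to borrowers
    total_reserves: int  # underlying set aside as protocol reserves
    total_supply: int    # cToken shares outstanding

    def exchange_rate(self) -> int:
        # exchangeRate = (cash + totalBorrows - totalReserves) / totalSupply, scaled by 1e18
        return ((self.cash + self.total_borrows - self.total_reserves) * MANTISSA
                // self.total_supply)

    def mint(self, underlying: int) -> int:
        # Cash and supply grow together at the current rate, so the rate is preserved
        # (up to integer rounding in a real implementation).
        shares = underlying * MANTISSA // self.exchange_rate()
        self.cash += underlying
        self.total_supply += shares
        return shares

    def redeem(self, shares: int) -> int:
        out = shares * self.exchange_rate() // MANTISSA
        if out > self.cash:
            # Underlying is lent out; the market cannot pay this redeem right now.
            raise Shortfall(f"need {out} underlying, market only holds {self.cash}")
        self.cash -= out
        self.total_supply -= shares
        return out

    def accrue_interest(self, borrow_rate: int, blocks: int, reserve_factor: int) -> None:
        # Interest raises totalBorrows and totalReserves without touching totalSupply,
        # which is what moves the exchange rate between two transactions.
        interest = self.total_borrows * borrow_rate * blocks // MANTISSA
        self.total_borrows += interest
        self.total_reserves += interest * reserve_factor // MANTISSA


def withdraw_with_checks(market: CTokenMarket, shares: int, min_underlying_out: int,
                         deadline: int, now: int) -> int:
    """Withdraw guarded by a deadline and a minimum-output (slippage) check.

    Both checks run before any state changes, mirroring a revert in Solidity.
    """
    if now > deadline:
        raise ValueError("deadline passed")
    quoted = shares * market.exchange_rate() // MANTISSA
    if quoted < min_underlying_out:
        raise ValueError(f"slippage: would receive {quoted}, wanted at least {min_underlying_out}")
    return market.redeem(shares)


def simulate() -> dict:
    """Walk a constructed market through mint, redeem and one block of interest."""
    m = CTokenMarket(cash=900, total_borrows=200, total_reserves=100, total_supply=1000)
    rates = {"initial": m.exchange_rate()}
    m.mint(100)
    rates["after_mint"] = m.exchange_rate()
    m.redeem(50)
    rates["after_redeem"] = m.exchange_rate()
    # 5% borrow rate per block, 10% of interest to reserves (constructed parameters)
    m.accrue_interest(borrow_rate=MANTISSA // 20, blocks=1, reserve_factor=MANTISSA // 10)
    rates["after_interest"] = m.exchange_rate()
    rates["market"] = m
    return rates


if __name__ == "__main__":
    for k, v in simulate().items():
        print(k, v)
```

In the constructed market the rate stays at exactly 1.0 through the mint and the redeem and only moves when interest accrues, so the `min_underlying_out` parameter is what lets a withdrawer reject an outcome that differs from the rate they quoted when signing, and `deadline` prevents a stale transaction from executing long after that quote.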