Flash credit transactions are not charged, in which case attackers can abuse the system

Summary

Security Issue: The flashFee function always returns 0 means that flash loan transactions are not charged. It is normally common practice to charge a fee for flash loan transactions, and this fee is used to prevent system abuse attacks and avoid overloading the chain. Therefore, zero FlashLoanFee can be a security concern.


2023-05-ironbank-0xSmartContract/ib-v2/src/flashLoan/FlashLoan.sol:
  48      /// @inheritdoc IERC3156FlashLender
  49:     function flashFee(address token, uint256 amount) external view override returns (uint256) {
  50:         amount;
  51: 
  52:         require(IronBankInterface(ironBank).isMarketListed(token), "token not listed");
  53: 
  54:         return 0;
  55:     }

Vulnerability Detail

The flashFee function always returns the value of FlashLoanFee as zero. This can create a security issue.

In cases where there is no charge for flash credit transactions, attackers can abuse the system. For example, an attacker can make many transactions using a flash loan, then undo all the transactions and make a profit without any cost. This can destabilize the system and affect other users.

Impact

Code Snippet

FlashLoan.sol#L54

Tool used

Manual Review

Recommendation

To solve this security issue, a realistic fee calculation logic should be implemented in the flashFee function. A fee to be charged for flash loan transactions should be determined and it should be ensured that this fee is not zero. Thus, it will be possible to prevent abuse of the system and to maintain a fair economic balance.

sherlock-audit / 2023-05-ironbank-judging

0xSmartContract - Flash credit transactions are not charged, in which case attackers can abuse the system #320