Users providing a low supply amount results in no tokens received
Summary
The IronBank#supply function allows users to provide an underlying asset in exchange for ibTokens. Unfortunately, if the user supplies a low amount of underlying asset resulting in the user not receiving any ibTokens, the contract will still transfer the underlying asset over to the IronBank contract and the user will not receive any ibTokens.
Vulnerability Detail
The ibTokens given to the user is based on the following formula:
plainshift-2
medium
Users providing a low supply amount results in no tokens received
Summary
The
IronBank#supplyfunction allows users to provide an underlying asset in exchange for ibTokens. Unfortunately, if the user supplies a low amount of underlying asset resulting in the user not receiving any ibTokens, the contract will still transfer the underlying asset over to the IronBank contract and the user will not receive any ibTokens.Vulnerability Detail
The ibTokens given to the user is based on the following formula:
If
_getExchangeRateever returns a value large enough to exceed the numerator, then the ibTokenAmount value will equal 0.The relevant
IronBank#supply()function can be found here.Impact
Users who provide very little underlying asset will have their assets transferred over to IronBank without receiving any ibTokens.
Code Snippet
Found in IronBank#supply().
Tool used
Line-by-line review
Manual Review
Recommendation
There should be a check that if the ibTokenAmount equals 0, the function should revert. This will allow for users to retain their tokens.