AuditorPraise - `mintRatio` in GSPFunding.buyShares() uses lesser input ratio to calculate shares, this could cause discrepancies between funds deposited by users and shares minted for users #125
mintRatio in GSPFunding.buyShares() uses lesser input ratio to calculate shares, this could cause discrepancies between funds deposited by users and shares minted for users
Summary
The issue lies in how mintRatio is calculated here.
Vulnerability Detail
GSPFunding.buyShares() selects the smaller of the two values (quoteInputRatio and baseInputRatio) when calculating the mintRatio which is wrong as the token with more deposit from the user won't really have an influence on the shares minted for the user.
For example if a user deposits more base tokens( lets say 10000$ dai) than quote tokens( lets say 3000$ usdc) when buying shares (i.e, calling GSPFunding.buyShares()), mintRatio will be quoteInputRatio and not baseInputRatio which will be a loss for the user as 7000$ worth of shares is unaccounted for in the shares allocated to the user.
Impact
High severity as the token with more deposit from users won't influence users shares. This is loss of funds because user will lose % of funds that he deposited that didn't reflect in his shares.
Use the greater of the two values (quoteInputRatio and baseInputRatio) when calculating the mintRatio. That way, the higher input ratio will influence user's shares.
AuditorPraise
high
mintRatioin GSPFunding.buyShares() uses lesser input ratio to calculate shares, this could cause discrepancies between funds deposited by users and shares minted for usersSummary
The issue lies in how
mintRatiois calculated here.Vulnerability Detail
GSPFunding.buyShares() selects the smaller of the two values (quoteInputRatio and baseInputRatio) when calculating the
mintRatiowhich is wrong as the token with more deposit from the user won't really have an influence on the shares minted for the user.For example if a user deposits more base tokens( lets say 10000$ dai) than quote tokens( lets say 3000$ usdc) when buying shares (i.e, calling GSPFunding.buyShares()),
mintRatiowill be quoteInputRatio and not baseInputRatio which will be a loss for the user as 7000$ worth of shares is unaccounted for in the shares allocated to the user.Impact
High severity as the token with more deposit from users won't influence users shares. This is loss of funds because user will lose % of funds that he deposited that didn't reflect in his shares.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L69
Tool used
Manual Review
Recommendation
Use the greater of the two values (quoteInputRatio and baseInputRatio) when calculating the
mintRatio. That way, the higher input ratio will influence user's shares.Duplicate of #74