search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

jennifer37 - repeat deposit/withdraw to earn lot of FMP #103

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

jennifer37

medium

repeat deposit/withdraw to earn lot of FMP

Summary

repeat deposit/withdraw to earn lot of FMP

Vulnerability Detail

When users deposit rETH, users will receive FMP as reward. However, when users withdraw rETH, there is no any punishment or time lock for withdraw. Users can repeat deposit/withdraw operations to gain lots of FMP.

Impact

Users can get more FMP than expected.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L61-L87

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L96-L140

Tool used

Manual Review

Recommendation

Duplicate of #187

sherlock-admin commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

ubl4nk commented:

invalid -> the traders are at risk of losing fund due to the volatile price and also their are paying keeper and trade fees by doing opening and closing the positions in addition of gas-fees.

takarez commented:

invalid