search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

Bauer - Users can pay a small fee with a token to mint a large amount of points #65

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

Bauer

high

Users can pay a small fee with a token to mint a large amount of points

Summary

Every time a deposit or open position is executed, the protocol mints points for the user. Users can continuously deposit, withdraw, and mint large amounts of points.

Vulnerability Detail

Every time the StableModule.executeDeposit() function is called, the protocol invokes pointsModule.mintDeposit() to mint points for the user.

        // Mint points
        IPointsModule pointsModule = IPointsModule(vault.moduleAddress(FlatcoinModuleKeys._POINTS_MODULE_KEY));
        pointsModule.mintDeposit(_account, _announcedDeposit.depositAmount);

However, no action is taken in StableModule.executeWithdraw(). The issue arises from the fact that users can repeatedly call DelayedOrder.announceStableDeposit(), followed by DelayedOrder.announceStableWithdraw(), allowing them to obtain a large number of points with minimal fees. The same issue exists in the LeverageModule as well.

Impact

Users can obtain a large number of points by paying minimal fees with the smallest assets.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L83-L84 https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L96-L140

Tool used

Manual Review

Recommendation

Duplicate of #187

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid: i think there is no issue mentioned here