Closed sherlock-admin2 closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, seems to be duplicate of #190 in [003-H], but I don't see the manipulation here given users would have to deposit to obtain shares and burned upon withdrawal, so collateralPerShare is updated correctly.
the-first-elder
high
collateralPerShare can maniuplated to become very expensive even lead to a dos attack.
Summary
The collateral per share is determined by the total supply of the stableModule token, Every user is forces to use a common
collateralpershare
irrespective of the amount deposited.Vulnerability Detail
An attacker may exploit the system by depositing a large amount of reth to generate a significant quantity of stableModule tokens, thereby inflating the total supply. This manipulation leads to a rise in the collateral per share.
For instance, if an attacker deposits 1 stable token as collateral for $1,000, causing a surge in the total supply, User A may find it impossible to utilize 1 stable token as collateral for the same $1,000. Consequently, User B would have to pay more for the identical $1,000 deposit. Over time, the collateral per share becomes prohibitively expensive.
Impact
This manipulation forces an increase in the collateral per share for other users, potentially culminating in a denial-of-service (DoS) attack.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L214
Tool used
Manual Review
Recommendation
1.collateral per share can be a fixed amount that is regulated by the admin from time to time.