Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Latest commit

 

History

History
39 lines (32 loc) · 3 KB

032.md

File metadata and controls

39 lines (32 loc) · 3 KB
Raw

Oxhunter526

medium

Title: Flawed Calculation Logic in userDeposit Function Allows Excess Funds Unreturned

Summary

The userDeposit function in the codebase contains a flawed calculation logic that allows users to deposit more funds than required and receive an unintended amount of dTokens in return. This vulnerability poses a security concern as it can lead to economic imbalances, financial losses, and unfair advantages within the system.

Vulnerability Detail

The issue stems from the calculation logic within the userDeposit function. Specifically, the calculation of the corresponding amount of dTokens does not properly account for cases where users deposit more funds than necessary. As a result, users can unintentionally receive a different amount of dTokens than expected, leading to financial inconsistencies and unfair distribution of dTokens.

Impact

  1. Financial Losses: Users depositing more funds than necessary for the corresponding dTokens may incur financial losses if they receive a lesser amount of dTokens than expected based on their excess deposit.
  2. User Dissatisfaction: Users who deposit more funds but receive a smaller amount of dTokens may become dissatisfied with the platform or service, leading to a negative user experience and potential loss of trust.
  3. Inefficiency and Resource Misallocation: Excess funds that are not utilized for minting dTokens create inefficiencies and can result in the misallocation of resources within the system.

Code Snippet

Link

Proof of Concept (PoC):

function userDeposit(uint256 amount) public {
    uint256 exchangeRate = getExchangeRate();
    uint256 dTokensToMint = amount / exchangeRate;
    
    // Mint dTokens to the user
    dToken.mint(msg.sender, dTokensToMint);
    
    // Transfer the excess funds back to the user
    uint256 excessFunds = amount - (dTokensToMint * exchangeRate);
    msg.sender.transfer(excessFunds);
}

Suppose the current exchange rate is 10 tokens per dToken. A user deposits 150 tokens.

Tool used

Manual Review

Recommendation

  1. Validate the deposited amount: Before executing the minting process, validate the amount deposited by the user to ensure it is equal to or greater than the required amount based on the exchange rate. Reject any deposits below and more than the required threshold.
  2. Adjust the calculation logic: Instead of relying solely on the division of the deposited amount by the exchange rate, consider using a modular operation (amount % exchangeRate) to calculate the excess funds. This will allow for accurate calculation of the corresponding dTokens and any excess amount.
  3. Return excess funds to the user: Modify the code to transfer any excess funds back to the user after minting the corresponding dTokens. Calculate the excess funds as excessFunds = amount - (dTokensToMint * exchangeRate) and transfer it back to the user's account.