[WP-H1] The value of LP token can be manipulated by the first minister, which allows the attacker to dilute future liquidity providers' shares #145
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
WatchPug
Vulnerability details
For the first minter of an Exchange pool, the ratio of
X/Y
and thetotalSupply
of the LP token can be manipulated.A sophisticated attacker can mint and burn all of the LP tokens but
1 Wei
, and then artificially create a situation of rebasing up by transferring baseToken to the pool contract. ThenaddLiquidity()
insingleAssetEntry
mode.Due to the special design of
singleAssetEntry
mode, the value of LP token can be inflated very quickly.As a result,
1 Wei
of LP token can be worthing a significate amount of baseToken and quoteToken.Combine this with the precision loss when calculating the amount of LP tokens to be minted to the new liquidity provider, the attacker can turn the pool into a trap which will take a certain amount of cut for all future liquidity providers by minting fewer LP tokens to them.
https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L493-L512
https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L204-L212
PoC
Given:
Pool
is newly created;baseToken
in terms ofquoteToken
is1
.The attacker can do the following steps in one tx:
addLiquidity()
with2 Wei of baseToken
and100e18 quoteToken
, received14142135623
LP tokens;removeLiquidity()
with14142135622
LP tokens, the Pool state becomes:baseToken.transfer()
7071067812 Wei to the Pool contract;addLiquidity()
with no baseToken and50e18 quoteToken
;swapBaseTokenForQuoteToken()
with600000000000000 baseToken
, the Pool state becomes:baseToken.transfer()
999399992928932200 Wei to the Pool contract;addLiquidity()
with no baseToken and1e18 quoteToken
, the Pool state becomes:From now on,
addLiquidity()
with less than1e18
ofbaseToken
andquoteToken
will receive0
LP token due to precision loss.The amounts can be manipulated to higher numbers and cause most future liquidity providers to receive fewer LP tokens than expected, and the attacker will be able to profit from it as the attacker will take a larger share of the pool than expected.
Recommendation
Consider requiring a certain amount of minimal LP token amount (eg, 1e8) for the first minter and lock some of the first minter's LP tokens by minting ~1% of the initial amount to the factory address.
The text was updated successfully, but these errors were encountered: