cause fund loss in TokenggAVAX by early direct fund transfer and manipulating price per share #411
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-209
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L42-L54
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L132-L134
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L120-L124
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/TokenggAVAX.sol#L113-L130
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/TokenggAVAX.sol#L88-L109
Vulnerability details
Impact
By performing this attack, an attacker can cause other users to lose funds when they deposit their AVAX tokens into the TokenggAVAX pool. Whenever a user deposits AVAX into TokenggAVAX, the contract calculates the share amount based on the proportion of the received AVAX amount to the total AVAX balance of the contract. An attacker can make the AVAX-to-share ratio very high (like 100 * 1e18) by an early direct AVAX transfer to the contract address. This would cause a very high division error in the convertToShares() function, and users would lose funds up to that ratio when depositing or withdrawing.
Proof of Concept
This is the convertToShares() code, which is used to calculate the share amount during user deposits:
As you can see, if totalAssets() is much bigger than supply, then the division error in the share amount calculation would be very high (up to totalAssets() / supply), and the user would receive shares worth much less than the AVAX tokens he deposited. An attacker can make the totalAssets() / supply ratio very high (up to 1000 * 1e18) and perform this attack. Likewise, when withdrawing, the contract uses the function previewWithdraw():
If the attacker performs the attack and creates a big totalAssets() / supply ratio, then more of the user's shares would get burned each time he withdraws, because of the rounding up and the division error.
To make a big totalAssets() / supply ratio, the attacker needs to transfer AVAX tokens (for example 1000 * 1e18) directly to the contract address when the contract was deployed recently and has no or low deposits, and call the syncRewards() function so the transferred tokens are considered rewards (when block.timestamp is close to nextRewardsCycleEnd). Then the attacker needs to call deposit(), deposit 1 wei AVAX and mint 1 share. The total supply would then be 1, totalAssets() would be 1000 * 1e18 (after the reward duration ends), and totalAssets() / supply = 1000 * 1e18.
These are the steps the attacker needs to perform:
1. Wait for block.timestamp to be near a rewardsCycleLength multiple (for example, there are 1000 seconds until the next cycle begins).
2. Transfer 1000 * 1e18 AVAX tokens to the contract and call syncRewards(); the contract would consider the 1000 * 1e18 amount as rewards and start increasing totalAssets() linearly up to 1000 * 1e18 until the end of the cycle (in 1000 seconds).
3. Deposit 1 wei AVAX into the contract and receive 1 share.
4. After 1 second, totalAssets() would be about 1e18 (1000 seconds until the end of the cycle, and in each second the contract would release 1e18 tokens) and supply would be 1, so every user depositing or withdrawing would lose up to 1e18 tokens because of the rounding error in the division. In this second, if a user deposits 15 * 1e17 AVAX tokens, the contract would mint 1 share for him, which is worth 1e18 AVAX, and the user loses 5 * 1e17 of his tokens in the deposit. And if a user withdraws 1 wei of AVAX, the contract would burn his 1 share and the user would lose the rest of his funds.
5. At the end of the cycle, totalAssets() / supply would be 1000 * 1e18 and users would lose up to 1000 * 1e18.
The success and impact of this attack depend on the closeness of block.timestamp to the rewardsCycleLength multiple (the closer to the multiple, the more fund loss) and on the amount of AVAX the attacker transfers directly into the contract address. In general, the attacker can create a high PPS ratio (the exact value of PPS that the attacker can create may differ based on the situation). The point is that PPS would not decrease after the attack, users would lose funds afterwards, and the contract's broken state is not recoverable.
Tools Used
VIM
Recommended Mitigation Steps
Check for a minimum deposit amount or add extra decimals for the share amount.
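The rounding loss from the proof of concept and the effect of the recommended extra share decimals, modelled in Python as an added example (not part of the original submission or the GoGoPool code). It assumes standard ERC-4626 rounding (shares rounded down on deposit, up on withdraw) and linear reward release; the function names and the extra_decimals parameter are hypothetical.

```python
# Added illustration, not the contract's code. Assumes ERC-4626 style rounding:
# deposits round minted shares down, withdrawals round burned shares up.
WEI = 10**18

def streamed_assets(reward, elapsed, duration):
    """Rewards released linearly over the cycle, as the report describes."""
    return reward * min(elapsed, duration) // duration

def convert_to_shares(assets, supply, total_assets):
    """floor(assets * supply / totalAssets); 1:1 while the pool is empty."""
    return assets if supply == 0 else assets * supply // total_assets

def preview_withdraw(assets, supply, total_assets):
    """ceil(assets * supply / totalAssets): shares burned to withdraw assets."""
    return assets if supply == 0 else -(-assets * supply // total_assets)

def deposit_loss(assets, supply, total_assets):
    """Deposit minus the value of the minted shares at the pre-deposit price."""
    if supply == 0:
        return 0
    shares = convert_to_shares(assets, supply, total_assets)
    return assets - shares * total_assets // supply

def pool_state(reward, elapsed, duration, first_deposit=1, extra_decimals=0):
    """(supply, totalAssets) once a direct transfer is synced as rewards and a
    first deposit follows. extra_decimals (hypothetical) models the recommended
    mitigation: the first deposit mints first_deposit * 10**extra_decimals shares."""
    supply = first_deposit * 10**extra_decimals
    return supply, first_deposit + streamed_assets(reward, elapsed, duration)

if __name__ == "__main__":
    # Constructed scenario using the report's numbers: 1000 AVAX over 1000 s.
    for decimals in (0, 18):
        for elapsed, deposit in ((1, 15 * WEI // 10), (1000, 2500 * WEI)):
            supply, total = pool_state(1000 * WEI, elapsed, 1000,
                                       extra_decimals=decimals)
            print(f"extra_decimals={decimals:2d} t={elapsed:4d}s "
                  f"assets/share={total // supply} "
                  f"loss on {deposit} wei = {deposit_loss(deposit, supply, total)}")
```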