nikhilx0111 - malicious user can grief thw protocol

[sherlock-admin3]

nikhilx0111

High

malicious user can grief thw protocol

Summary

users can buy good tokens for reserve asset by depositing reserve asset in the contract after the deposit the contract will calculate how much the users should receive based on their deposit however due to the design of the protocol a user can make huge amount of profit by exploiting the protocol

in the broker.sol when a user deposits reserve in the contract by calling swap in broker.sol the amount the user will receive for a given amount of reserve is calculated in bancorformula.sol the amount is calculated as

function purchaseTargetAmount(
uint256 _supply,
uint256 _reserveBalance,
uint32 _reserveWeight,
uint256 _amount
) internal view returns (uint256) {
// validate input
require(_supply > 0, "ERR_INVALID_SUPPLY");
require(_reserveBalance > 0, "ERR_INVALID_RESERVE_BALANCE");
require(_reserveWeight > 0 && _reserveWeight <= MAX_WEIGHT, "ERR_INVALID_RESERVE_WEIGHT");

// special case for 0 deposit amount
if (_amount == 0) return 0;

// special case if the weight = 100%
if (_reserveWeight == MAX_WEIGHT) return (_supply * _amount) / _reserveBalance;

uint256 result;
uint8 precision;
uint256 baseN = _amount + _reserveBalance;
(result, precision) = power(baseN, _reserveBalance, _reserveWeight, MAX_WEIGHT);
uint256 temp = (_supply * result) >> precision;
return temp - _supply;

}

lets consider a scenario
reserveweight = maxweight true

Supply = 200 million
Reserve Balance = 200 million
Amount = 100 million

(_supply * _amount) / _reserveBalance;

200000000x100000000/200000000=100000000

100 million this is the amount the user will receive for his deposit
now as you can see the amount the user will receive is correlated to the reserve balance of the contract

a user can see this and exploit this by first executing a trade by depositing g$ in the contract and taking out reserve from the contract and lowering the balance of the reserve tokens in the contract after this trade imagine the the new reserve balance = 80 million

(_supply * _amount) / _reserveBalance;

200000000x100000000/80000000=250,000,000

250 million is the amount the user will receive as we can see the amount will be much higher when the reserve balance is lower this can open a window for malicious user to make huge profit by manipulating the balance of the contract this attack is possible even with amounts much lower than this

​

Root Cause

https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L324-L347

https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorFormula.sol#L192-L214

https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/swap/Broker.sol#L2-L301

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

Initial Deposit:

Alice deposits G$: Alice starts by depositing G$ into the contract. In doing so, she takes tokens out of the reserve, which reduces the reserve balance.
Effect on Reserve: The reserve balance decreases significantly due to Alice’s withdrawal, creating an opportunity for her to exploit the altered state of the reserve

Re-depositing Tokens:

Alice deposits tokens back into the contract: Once the reserve balance is significantly lower, Alice re-deposits her tokens back into the contract, which further impacts the reserve.

Impact

A malicious user can manipulate the contract's supply and pricing to make a huge profit at the expense of the protocol

PoC

No response

Mitigation

this is a design issue. Consider implementing changes in the contract so that a user can't manipulate the supply of contract tokens to make profit