ZeroTrust - A malicious user can obtain more reserve tokens by selling GoodDollar multiple times rather than selling it all at once. #64
Labels
Sponsor Confirmed: the sponsor acknowledged this issue is valid
Will Fix: the sponsor confirmed this issue will be fixed
ZeroTrust
High
A malicious user can obtain more reserve tokens by selling GoodDollar multiple times rather than selling it all at once.
Summary
A malicious user can obtain more reserve tokens by selling GoodDollar multiple times rather than selling it all at once.
Root Cause
https://github.com/sherlock-audit/2024-10-mento-update/blob/098b17fb32d294145a7f000d96917d13db8756cc/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L324
Because of the exitContribution, the price curve becomes discontinuous, which a malicious user can exploit.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
Split the GoodDollar to be sold into several smaller sales instead of selling it all at once.
Impact
Malicious users can obtain more reserve tokens, causing honest users to incur losses.
PoC
Add the code above to the file test/unit/goodDollar/GoodDollarExchangeProvider.t.sol, then run forge test --mt test_compare_sell_two_times_swapIn -vv
The output is:
The output shows that selling in two transactions yields more reserve tokens than selling everything at once. Splitting the sale into even more transactions yields still more reserve tokens.
Mitigation
The penalty fees are stored separately to be allocated to UBI receivers.
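A simplified model of the effect, added here as an illustration and not taken from the Mento contracts or from the reporter's forge test: a Bancor-style sale with a 10% exit contribution. The fee_stays_in_reserve branch is an assumption about how the exitContribution makes the curve path dependent; the other branch models the mitigation of accounting for the fee separately. The supply, reserve, ratio and fee values are constructed.

```python
from dataclasses import dataclass


@dataclass
class Curve:
    """Simplified Bancor-style exchange state (constructed, not the contract)."""
    token_supply: float         # tokens outstanding on the curve
    reserve_balance: float      # reserve tokens backing them
    reserve_ratio: float        # Bancor connector weight, 0 < ratio <= 1
    exit_contribution: float    # fraction of each sale's proceeds kept as fee
    fee_stays_in_reserve: bool  # True: assumed buggy model; False: fee set aside


def sale_target_amount(supply, reserve, ratio, amount_in):
    """Bancor sale formula: reserve released when amount_in tokens are sold."""
    return reserve * (1.0 - (1.0 - amount_in / supply) ** (1.0 / ratio))


def sell(c, amount_in):
    """Sell amount_in tokens; returns the net reserve paid out after the fee."""
    gross = sale_target_amount(c.token_supply, c.reserve_balance, c.reserve_ratio, amount_in)
    net = gross * (1.0 - c.exit_contribution)
    c.token_supply -= amount_in
    if c.fee_stays_in_reserve:
        # Only the net amount leaves the reserve, so after the sale the curve
        # holds more reserve per remaining token: the spot price jumps up and
        # the next sale (by anyone, including the same seller) is paid more.
        c.reserve_balance -= net
    else:
        # Mitigation: the whole gross amount leaves the curve and the fee is
        # tracked separately (e.g. earmarked for UBI recipients), so the
        # curve stays path independent.
        c.reserve_balance -= gross
    return net


def proceeds(fee_stays_in_reserve, chunks):
    """Total net reserve received for selling the given chunks in sequence."""
    c = Curve(1_000_000.0, 100_000.0, 0.5, 0.10, fee_stays_in_reserve)
    return sum(sell(c, amount) for amount in chunks)


if __name__ == "__main__":
    for label, retained in (("fee stays in reserve", True), ("fee set aside", False)):
        one = proceeds(retained, [100_000])
        two = proceeds(retained, [50_000, 50_000])
        four = proceeds(retained, [25_000] * 4)
        print(f"{label}: 1x100k={one:.2f} 2x50k={two:.2f} 4x25k={four:.2f}")
```

With the fee left in the reserve the split sales pay out more each time the sale is divided further; with the fee set aside, every split returns the same total as the single sale.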