etherfi-protocol/smart-contracts

Security: Price Manipulation in function amountForShare

smartsmartsec opened this issue · 0 comments

Attack type

Remote

Impact

  • Other: Potential financial loss or gain due to manipulation of share calculations, affecting fair distribution of assets.

Affected component(s)

function amountForShare in LiquidityPool.sol

Attack vector(s)

A malicious actor could manipulate the totalShares variable by significantly increasing or decreasing their shares right before executing the amountForShare function, which could adversely affect the exchange ratio for other users.

Suggested description of the vulnerability for use in the CVE

The amountForShare function in the Ether.fi smart contract is vulnerable to a timing attack in which its return value can be manipulated by sudden changes in totalShares. An attacker could perform large transactions that drastically alter the totalShares value right before this function executes, leading to a miscalculation in the amount returned per share. This vulnerability allows for a possible unfair advantage or loss, impacting the financial integrity of the platform.

Discoverer(s)/Credits

xFuzz

Proposed Solution

  • Implement mechanisms to mitigate the impact of large, rapid changes in share counts, such as using a time-weighted average or snapshot of shares for calculations within a transaction block.
  • Review and enhance validation checks around the totalShares and getTotalPooledEther operations to ensure consistency throughout transaction execution.
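
The following is an added illustration, not ether.fi code, of the attack vector described above and of the per-block snapshot mitigation proposed here: a toy pool computes amountForShare once from live state and once from values frozen at block start, so a mid-block change to totalShares moves only the live result. It assumes the formula amount = shares * totalPooledEther / totalShares; the ToyPool, mutate and demo names are constructed for the example.

```python
# Added example (not the ether.fi LiquidityPool): a toy share pool contrasting
# a live amountForShare read with the per-block snapshot suggested in the report.
# Assumed formula: amount = shares * totalPooledEther / totalShares.
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class ToyPool:
    total_pooled_ether: int          # constructed value, in wei
    total_shares: int                # constructed value
    block_number: int = 0
    # ratio inputs frozen at the start of each block
    snapshots: Dict[int, Tuple[int, int]] = field(default_factory=dict)

    def new_block(self) -> None:
        """Advance one block and freeze the ratio inputs for it."""
        self.block_number += 1
        self.snapshots[self.block_number] = (self.total_pooled_ether, self.total_shares)

    def amount_for_share_live(self, shares: int) -> int:
        """Reads totalShares at call time: any state change earlier in the
        same block is reflected immediately in the result."""
        if self.total_shares == 0:
            return 0
        return shares * self.total_pooled_ether // self.total_shares

    def amount_for_share_snapshot(self, shares: int) -> int:
        """Uses the values frozen at block start, so mutations within the
        block cannot move the exchange ratio for this block."""
        pooled, total = self.snapshots[self.block_number]
        return 0 if total == 0 else shares * pooled // total

    def mutate(self, pooled_ether: int, shares: int) -> None:
        """Constructed state change standing in for the sudden totalShares
        move the report describes (how it would be reached is not modelled)."""
        self.total_pooled_ether = pooled_ether
        self.total_shares = shares


def demo() -> Tuple[int, int, int]:
    pool = ToyPool(total_pooled_ether=10_000, total_shares=10_000)
    pool.new_block()
    before = pool.amount_for_share_live(100)          # 100
    pool.mutate(pooled_ether=10_000, shares=5_000)    # ratio doubles mid-block
    live_after = pool.amount_for_share_live(100)      # 200
    snap_after = pool.amount_for_share_snapshot(100)  # still 100
    return before, live_after, snap_after


if __name__ == "__main__":
    print(demo())
```

The snapshot only pins the ratio within a block; once new_block() runs, the changed state becomes the frozen input for the next block, which is why the report pairs it with consistency checks on totalShares and getTotalPooledEther.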

Reference(s)