Security: Price Manipulation in function amountForShare
smartsmartsec opened this issue · 0 comments
Attack type
Remote
Impact
- Other: Potential financial loss or gain due to manipulation of share calculations, affecting fair distribution of assets.
Affected component(s)
function amountForShare
in LiquidityPool.sol
Attack vector(s)
A malicious actor could manipulate the totalShares variable by significantly increasing or decreasing their shares right before executing the amountForShare function, which could adversely affect the exchange ratio for other users.
Suggested description of the vulnerability for use in the CVE
The amountForShare function in the Ether.fi smart contract is vulnerable to timing attacks where the return value can be manipulated by sudden changes in totalShares. An attacker could perform large transactions that drastically alter the totalShares value right before executing this function, leading to a miscalculation in the amount returned per share. This vulnerability allows for a possible unfair advantage or loss, impacting the financial integrity of the platform.
Discoverer(s)/Credits
xFuzz
Proposed Solution
- Implement mechanisms to mitigate the impact of large, rapid changes in share counts, such as using a time-weighted average or snapshot of shares for calculations within a transaction block.
- Review and enhance validation checks around the totalShares and getTotalPooledEther operations to ensure consistency throughout transaction execution.
Reference(s)
- https://github.com/etherfi-protocol/smart-contracts/blob/master/src/LiquidityPool.sol
- https://etherscan.io/address/0x308861A430be4cce5502d0A12724771Fc6DaF216?utm_source=immunefi#code
- https://code4rena.com/reports/2021-08-notional#h-10-liquidity-token-value-can-be-manipulated
- https://code4rena.com/reports/2021-07-spartan#h-06-synthvault-rewards-can-be-gamed
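The per-block snapshot mitigation listed under Proposed Solution, modeled in Python as an added example (this is not Ether.fi's code and not part of the report). The pool model, its integer share arithmetic (floor division, as Solidity would do it) and the deposit/reward scenario are all constructed here for illustration; the assumption is that the pool's share price is derived from pooled ether divided by total shares. `amount_for_share_live` reads the current totals, while `amount_for_share_snapshot` reads the totals recorded the first time the pool is touched in a block, so changes to total shares or pooled ether later in the same block cannot move the value it returns until the next block.

```python
from dataclasses import dataclass
from typing import Optional

ETH = 10**18  # 1 ether in wei


@dataclass
class Snapshot:
    """Totals as they stood the first time the pool was touched in a block."""
    block: int
    pooled_ether: int
    total_shares: int


@dataclass
class LiquidityPoolModel:
    """Toy share-based pool (constructed for this example, not the real contract)."""
    pooled_ether: int = 0
    total_shares: int = 0
    block_number: int = 0
    snapshot: Optional[Snapshot] = None

    def _checkpoint(self) -> None:
        # Record the pre-mutation totals on the first touch in each block.
        if self.snapshot is None or self.snapshot.block != self.block_number:
            self.snapshot = Snapshot(self.block_number, self.pooled_ether, self.total_shares)

    def advance_block(self, n: int = 1) -> None:
        self.block_number += n

    def deposit(self, amount: int) -> int:
        self._checkpoint()
        if self.total_shares == 0 or self.pooled_ether == 0:
            shares = amount  # bootstrap: 1 share per wei
        else:
            shares = amount * self.total_shares // self.pooled_ether
        self.pooled_ether += amount
        self.total_shares += shares
        return shares

    def accrue_rewards(self, amount: int) -> None:
        # Ether entering the pool without new shares raises the live share price.
        self._checkpoint()
        self.pooled_ether += amount

    def amount_for_share_live(self, share: int) -> int:
        if self.total_shares == 0:
            return 0
        return share * self.pooled_ether // self.total_shares

    def amount_for_share_snapshot(self, share: int) -> int:
        self._checkpoint()
        snap = self.snapshot
        if snap.total_shares == 0:
            return 0
        return share * snap.pooled_ether // snap.total_shares


def demo() -> dict:
    """Constructed scenario: large same-block changes vs. the frozen snapshot rate."""
    pool = LiquidityPoolModel()
    pool.deposit(100 * ETH)          # block 0: 100 ETH pooled, 100e18 shares
    pool.advance_block()             # block 1 begins; rate is 1 ETH per 1e18 shares
    before_live = pool.amount_for_share_live(ETH)
    before_snap = pool.amount_for_share_snapshot(ETH)
    pool.deposit(900 * ETH)          # same block: total shares jumps to 1000e18
    pool.accrue_rewards(100 * ETH)   # same block: pooled ether becomes 1100 ETH
    same_block_live = pool.amount_for_share_live(ETH)
    same_block_snap = pool.amount_for_share_snapshot(ETH)
    pool.advance_block()             # block 2: snapshot catches up to the new totals
    next_block_snap = pool.amount_for_share_snapshot(ETH)
    return {
        "before_live": before_live,
        "before_snapshot": before_snap,
        "same_block_live": same_block_live,
        "same_block_snapshot": same_block_snap,
        "next_block_snapshot": next_block_snap,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value / ETH:.3f} ETH per 1e18 shares")
```

In the scenario the live rate moves from 1.0 to 1.1 ETH per 1e18 shares within block 1, while the snapshot rate stays at 1.0 until block 2. The trade-off a practitioner should weigh is that a snapshot lags genuine changes by one block, so any contract using it must tolerate that staleness everywhere the rate is consumed.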