Lines of code
<https://github.com/code-423n4/2023-03-wenwin/blob/main/src/staking/Staking.sol#L79-L89>
<https://github.com/code-423n4/2023-03-wenwin/blob/main/src/staking/Staking.sol#L103-L106>
<https://github.com/code-423n4/2023-03-wenwin/blob/main/src/staking/Staking.sol#L91-L101>
An attacker can steal a large amount of rewardsToken from the Staking contract by using flash loans, so every other user receives fewer rewards for their staked amount.
In the Staking contract any user can stake a given amount of stakingToken (the LOT token) and immediately withdraw the staked amount, since no staking period or delay is implemented (by design, per the protocol concepts). This introduces an attack surface in which flash loans are used to take a large amount of rewardsToken from the Staking contract.
The attack scenario goes as follows:
1. The attacker takes a flash loan (from a DeFi protocol such as AAVE) and borrows a large amount of DAI.
2. The attacker exchanges the DAI for LOT tokens on the DEX used by the protocol.
3. The attacker stakes the LOT tokens in the Staking contract by calling the stake function.
4. The attacker calls the getReward() function to update his rewards balance. In the Staking contract the reward earned by a given user depends on his staked balance, as can be seen in the code below:
File: Staking.sol, lines 61-63

```solidity
// Reward accrued by `account`: its staked balance times the growth of
// rewardPerToken since the account's accounting was last settled, plus
// rewards already credited to the account but not yet claimed.
function earned(address account) public view override returns (uint256 _earned) {
    return balanceOf(account) * (rewardPerToken() - userRewardPerTokenPaid[account]) / 1e18 + rewards[account];
}
```
Because the accrued reward is proportional to balanceOf(account), the attacker receives a large amount of rewards thanks to the large balance staked with the flash-loaned funds.
The outcome of this attack is that the attacker has stolen a large amount of rewardsToken from the Staking contract, and all the users who previously staked their tokens receive a very small amount of rewards, potentially none if the attacker manages to drain almost all of them.
Tools used: Manual review
To avoid this issue I recommend adding a short delay between the moment a user stakes his funds and the moment he can withdraw them; this delay ensures that flash loans cannot be used to steal the reward funds.
This delay can be very short, for example a few minutes, and will not go against the spirit of the protocol.
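The following sketch shows what such a withdrawal delay looks like in a minimal stake/withdraw pair. It is an added example written for this report, not Wenwin's Staking contract; the contract name, the 5-minute `WITHDRAW_DELAY`, and the omission of reward accounting are assumptions made to keep the illustration short. Because a flash loan must be repaid within the same transaction, any delay greater than zero prevents the borrowed LOT from being staked and withdrawn before the loan is due.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch (not the project's code): record when each account last
// staked and refuse withdrawals until a short delay has elapsed.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract DelayedStaking {
    IERC20 public immutable stakingToken;                // assumed: the LOT token
    uint256 public constant WITHDRAW_DELAY = 5 minutes;  // assumed value, "a few minutes"

    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public lastStakeTimestamp;

    constructor(IERC20 _stakingToken) {
        stakingToken = _stakingToken;
    }

    function stake(uint256 amount) external {
        require(amount > 0, "zero stake");
        // Each new stake restarts the lock for the account's whole balance, so a
        // top-up cannot be used to unlock funds staked a moment earlier.
        lastStakeTimestamp[msg.sender] = block.timestamp;
        balanceOf[msg.sender] += amount;
        require(stakingToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    function withdraw(uint256 amount) external {
        require(
            block.timestamp >= lastStakeTimestamp[msg.sender] + WITHDRAW_DELAY,
            "stake is still locked"
        );
        balanceOf[msg.sender] -= amount; // reverts on underflow in Solidity 0.8.x
        require(stakingToken.transfer(msg.sender, amount), "transfer failed");
    }
}
```

The reward bookkeeping from the real contract (rewardPerToken, userRewardPerTokenPaid, rewards) is left out here; the delay check in withdraw is the only change the recommendation requires.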