Lines of code
<https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/token/PeUSDMainnetStableVision.sol#L129-L139>
<https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/token/PeUSDMainnetStableVision.sol#L156-L158>
In PeUSDMainnetStableVision.sol,
File: contracts/lybra/token/PeUSDMainnetStableVision.sol
interface FlashBorrower {
/// @notice Flash loan callback
/// @param amount The amount of tokens received
/// @param data Forwarded data from the flash loan request
/// @dev Called after receiving the requested flash loan, should return tokens + any fees before the end of the transaction
function onFlashLoan(uint256 amount, bytes calldata data) external;
}
function executeFlashloan(FlashBorrower receiver, uint256 eusdAmount, bytes calldata data) public payable {
uint256 shareAmount = EUSD.getSharesByMintedEUSD(eusdAmount);
EUSD.transferShares(address(receiver), shareAmount);
receiver.onFlashLoan(shareAmount, data);
bool success = EUSD.transferFrom(address(receiver), address(this), EUSD.getMintedEUSDByShares(shareAmount));
require(success, "TF");
uint256 burnShare = getFee(shareAmount);
EUSD.burnShares(address(receiver), burnShare);
emit Flashloaned(receiver, eusdAmount, burnShare);
}
function getFee(uint256 share) public view returns (uint256) {
return (share * configurator.flashloanFee()) / 10_000;
}
The issue here is that the functions and interface does not comply with eip-3156.
ERC-3156: Flash Loans has given design guidlines and security requirements which must be taken care while using the flashloan functions.
Reference link- <https://eips.ethereum.org/EIPS/eip-3156>
Manual review
Follow eip-3156 and revise the contract functions accordingly.
Other
The text was updated successfully, but these errors were encountered:
All reactions