Vader Protocol contest - certora's results

Handle

certora

Vulnerability details

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L153 mintSynth is vulnerable to price manipulation. amountSynth is calculated based on the current price, which can be manipulated.

Impact

Pool funds can be stolen.

Proof of Concept

pool funds can be stolen in the following steps: take a flashloan of foreignAsset. swap the loan amount to the native asset, thus raising its price. call mintSynth to mint synth for cheap price. swap the native asset from the swap back to foreignAsset. burn all synth for a high price. swap some of the native asset to foreignAsset to have enough funds to repay the flashloan. repay the flash loan and take the profit.

burnSynth is also vulnerable to price manipulation!

Handle

certora

Vulnerability details

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/x-vader/XVader.sol#L31 xVADERToMint can be rounded down to zero. It is very likely if the ratio totalVader / totalShares is very large.

Impact

users funds can be stolen.

Proof of Concept

consider the following scenario: the XVader contract is created. An attacker calls enter in XVder with _amount == 1. one share will be minted, because totalShares == 0. then the attacker transfers 1,000,000 vader to the contract. now another user calls enter with _amount == 500,000 the amount of shares that would be minted is: (_amount * totalShares) / totalVader, which is (500000 * 1) / 1000000 == 0 the user paid 500000 vader and got nothing, the attacker still holds all of the shares. then the attacker calls leave and gets 1,500,000 vader (they stole all vader from the second user)

Recommended Mitigation Steps

add:

require(xVADERToMint > 0);