Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of slippage control on ERC20TokenEmitter.buyToken #475

Closed
c4-bot-2 opened this issue Dec 21, 2023 · 4 comments
Closed

Lack of slippage control on ERC20TokenEmitter.buyToken #475

c4-bot-2 opened this issue Dec 21, 2023 · 4 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-397 satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality

Comments

@c4-bot-2
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/ERC20TokenEmitter.sol#L152-L156

Vulnerability details

Impact

The buyToken function within the ERC20TokenEmitter contract allows users to acquire the governance token using a VRGDA. This function lacks any form of slippage control, which becomes significant in the context of the buyToken function, as the token's price increases exponentially when the supply surpasses the schedule.

Proof of concept

As can be observed by looking at its parameters and implementation, the buyToken function of the ERC20TokenEmitter contract, doesn’t have any type of slippage protection:

    function buyToken(
        address[] calldata addresses,
        uint[] calldata basisPointSplits,
        ProtocolRewardAddresses calldata protocolRewardsRecipients
    ) public payable nonReentrant whenNotPaused returns (uint256 tokensSoldWad) {

This means that users have no control over the number of ERC20 tokens they will receive. Due to the exponential pricing function, there is an incentive to delay token purchases as much as possible.

For instance, if Alice intends to use the buyToken function and has either set a low gas usage or is outpaced by a more sophisticated user, she could end up with far fewer tokens than anticipated.

Tools Used

Manual Review

Recommended Mitigation Steps

An additional parameter could be added to the buyToken function, to let users decide the minimum amount of tokens to be received, with a relative check after minting.

Assessed type

Other
@c4-bot-2 c4-bot-2 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Dec 21, 2023
c4-bot-2 added a commit that referenced this issue Dec 21, 2023
@c4-bot-2
passteque issue #475
7d5dee1
@c4-pre-sort
Copy link

raymondfam marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Dec 22, 2023
@c4-pre-sort
Copy link

raymondfam marked the issue as duplicate of #26

@c4-pre-sort
Copy link

raymondfam marked the issue as duplicate of #397

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jan 6, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Jan 6, 2024

MarioPoneder marked the issue as satisfactory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-397 satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c4-judge @c4-pre-sort @c4-bot-2