Smart Contract Security - ThunderLoan Repay Final Functions

Support

_Follow along with the video lesson:_ --- ### ThunderLoan.sol - Repay and Final Functions We'll wrap up our first pass of `ThunderLoan.sol` in this lesson! We've only got a few functions remaining, so let's get started straight away with reviewing the `repay` function. ```js // @Audit-Informational: Where's the NATSPEC? function repay(IERC20 token, uint256 amount) public { if (!s_currentlyFlashLoaning[token]) { revert ThunderLoan__NotCurrentlyFlashLoaning(); } AssetToken assetToken = s_tokenToAssetToken[token]; token.safeTransferFrom(msg.sender, address(assetToken), amount); } ``` `repay`, in this circumstance, serves as a helper function more than anything. A user taking a flash loan could also just call `transfer`, in their `executeOperations` function, to return the borrowed funds, but this exists to make things a little easier. Repay performs a check to assure a token is in the `currentlyFlashLoaning` state before performing any transfers. Moving on! ### getCalculatedFee We've seen `getCalculatedFee` pop up a few times in our recon of `Thunder Loan`, but never really took the time to see how it works. Well, now's the time! ```js function getCalculatedFee(IERC20 token, uint256 amount) public view returns (uint256 fee) { uint256 valueOfBorrowedToken = (amount * getPriceInWeth(address(token))) / s_feePrecision; fee = (valueOfBorrowedToken * s_flashLoanFee) / s_feePrecision; } ``` - **token** - token being borrowed - **amount** - amount being borrowed This function is calling `getPriceInWeth` (inherited from `OracleUpgradeable.sol`), and if we swing back to that contract some additional pieces will fall into play for us. ```js function getPriceInWeth(address token) public view returns (uint256) { address swapPoolOfToken = IPoolFactory(s_poolFactory).getPool(token); return ITSwapPool(swapPoolOfToken).getPriceOfOnePoolTokenInWeth(); } ``` This function is where TSwap comes into play! We're using `TSwap` to determine what the price of a given token is in WETH. This also tells us that the fees being calculated in `getCalculatedFee` are actually based on the value or price, not the number of tokens. > **Remember:** `s_flashLoanFee` is an initialized constant set to 3e15 aka 3%. `s_feePrecision` is another constant, set to 1e18. At this point, I'll say it's really beneficial for us as security researches to perhaps go a little out of scope to better understand `TSwap` and how it handles requests like these. Fom `TSwap` we can see: ```js function getPriceOfOnePoolTokenInWeth() external view returns(uint256){ return getOutputAmountBasedOnInput( 1e18, ipoolToken.balanceOf(address(this)), i_wethToken.balanceOf(address(this)) ); } ``` Hmm. This all seems to be pretty secure! 1e18 stands out in this function in TSwap for me though. We should be keeping in the back of our mind that USDC is expected to be compatible with `Thunder Loan`. So it begs the question: ```js // @Audit-Question: What happens if a token has 6 decimals? Is the price wrong? ``` Some good questions asked in the `getCalculatedFee` function. Leave some notes and we'll come back to them soon. ### Remaining Functions First up - updateFlashLoanFee. ```js function updateFlashLoanFee(uint256 newFee) external onlyOwner { if (newFee > s_feePrecision) { revert ThunderLoan__BadNewFee(); } s_flashLoanFee = newFee; } ``` This function is pretty clear, this allows the owner to set a new `flash loan` fee. The function performs a check which assures that the new fee must be less than or equal to 100%, makes sense. The next several functions are view functions/getters. Always worth checking, but these all look good to me: ```js function isAllowedToken(IERC20 token) public view returns (bool) { return address(s_tokenToAssetToken[token]) != address(0); } function getAssetFromToken(IERC20 token) public view returns (AssetToken) { return s_tokenToAssetToken[token]; } function isCurrentlyFlashLoaning(IERC20 token) public view returns (bool) { return s_currentlyFlashLoaning[token]; } function getFee() external view returns (uint256) { return s_flashLoanFee; } function getFeePrecision() external view returns (uint256) { return s_feePrecision; } ``` > **Protip:** Keep an eye out for instances where view functions aren't called internally. These can be limited to external visibility for gas savings! Now, the final line of this contract may seem subtle or innocuous, but it's incredibly important. ```js function _authorizeUpgrade(address newImplementation) internal override onlyOwner { } ``` This line is part of the `UUPSUpgradeable` library and effectively authorized the upgrade of the protocol to a new implementation. This internal function is overridden and has had access control added such that _only the protocol owner may call it_. A small line, but potentially _very_ impactful. ### Wrap Up Well - we've completed our whole first pass of this code base (save the upgrade to ThunderLoan) and we didn't find anything significant!? ::image{src='/security-section-6/35-thunderloan-repay-final-functions/thunderloan-repay-final-functions1.png' style='width: 100%; height: auto;'} In this process we've gained a tonne of context and understanding, but we've also left a number of unanswered questions throughout the code. I think our best approach is going to be diving into the questions we've left ourselves, answering them and seeing what becomes of them. See you in the next lesson!

ThunderLoan Repay Final Functions

Focuses on the repay function and getCalculatedFee function, highlighting their features and potential areas of improvement.

Solidity Developer

Smart Contract Security

Course Introduction

Duration: 25min

Section 1: Review

Duration: 1h 18min

Section 2: What is a smart contract audit

Duration: 35min

Section 3: Your First Audit | PasswordStore

Duration: 2h 28min

Section 4: Puppy raffle

Duration: 5h 03min

Section 5: TSwap

Duration: 5h 22min

Section 6: Thunder Loan

Duration: 4h 33min

1. Introduction

Introducing the Thunder Loan protocol, based off Aave/Compound. Section covers borrowing and lending, pricing information, and upgradeable contracts. Duration: 6min

2. Phase 1: Scoping

Patrick dives into the scoping phase of Thunder Loan. Known issues found in the code base are discussed. Duration: 4min

3. Reading The Docs

Patrick showcases Aave & Compound integration, allowing users to create flash loans and liquidity providers to earn from deposits. Duration: 4min

4. What is a Flash Loan?

Patrick explains DEX arbitrage using an example and introduces flash loans for Web3 finance. Duration: 4min

5. Pay Back Or Revert

Dives deeper into how flashloans work and the requirement of repayment in a single transaction. Duration: 4min

6. Liquidity Providers

Overview - Flash Loans & Liquidity Providers.' Emphasis on liquidity providers, flash loans, transaction fees, and benefits for depositors. Duration: 2min

7. Arbitrage Walkthrough

How flash loans enable smaller traders to capitalize on arbitrage opportunities. Covers the significance of single transaction paybacks. Duration: 5min

8. Are Flash Loans Bad?

Flash loans: Leverage arbitrage in DeFi, enabling all users to act like 'whales' without needing significant wealth. Duration: 1min

9. Recap

We're provided a summary of flash loans, arbitrage and how it all works in this recap of what we've just learnt. Duration: 3min

10. Recon Continued

A quick guide to understanding the basis of borrowing/lending through flash loans. Emphasis on smart contract upgradeability and interactions in DeFi systems. Duration: 4min

11. Static Analysis - Slither & Aderyn

Learn how to use Slither & Aderyn by applying these powerful static analysis tools to Thunder Loan! Duration: 7min

12. Exploit: Centralization

Learn the impact of centralization and discuss the importance of reporting such risks in private audits. Highlights case studies like Oasis. Duration: 3min

13. Case Study: Oasis

Learn all about the Oasis court case and explore its significant implications in the DeFi ecosystem in this case study. Duration: 3min

14. Static Analysis Continued

Patrick continues to go through the findings of our static analysis tools: Slither & Aderyn. Duration: 3min

15. Recon IPoolFactory

Patrick provides a walkthrough for conducting a first pass review of IPoolFactory.sol. Duration: 6min

16. ITSwapPool.sol

Patrick conducts a quick review on the surprisingly simple ITSwapPool.sol interface. Duration: 2min

17. IThunderLoan.sol

Patrick highlights inconsistencies between a Thunder Loan contract and its interface. Duration: 3min

18. IFlashloanReceiver.sol

Learn the significance of checking for NATSPEC, reviewing code thoroughly, and understanding code structure for identifying possible vulnerabilities. Duration: 7min

19. OracleUpgradeable.sol

Learn the "Tincho" method for upgradeable contracts, highlighting proxies and initializable contracts without constructors. Duration: 5min

20. Exploit: Failure To Initialize

Learn the importance of properly initializing during set up to prevent unauthorized changes to a protocol. Duration: 3min

21. Failure To Initialize: Remix

Showcasing the failure to initialize vulnerability within Remix! Duration: 2min

22. Case Study: Failure To Initialize

Dive into the Parity Wallet case study on the consequences of failing to initialize. Duration: 3min

23. OracleUpgradeable Continued

"GetPriceInWeth" Function Inspection. Duration: 4min

24. AssetToken.sol

Reviewing the functionality of AssetToken.sol and understanding how the code works. Duration: 10min

25. AssetToken.sol:updateExchangeRate

Patrick reviews the updateExchangeRate function, highlighting key parameters like fees, total supply, and potential gas usage issues. Duration: 6min

26. Thunderloan: Starting At The Top

Patrick begins his review of ThunderLoan.sol with an assessment of imports. Duration: 9min

27. ThunderLoan Functions

Explore key functions like deposit and setAllowedToken. Security is emphasized through thorough documentation. Duration: 8min

28. Testing Deleting Mappings

Patrick demonstrates using Chisel to test mapping deletion in a handler. Duration: 3min

29. Note On Linear Progress

Patrick touches on the linear vs non-linear nature of security reviews. Duration: 2min

30. ThunderLoan Continued

Patrick covers depositing an asset token, setting up the exchange rate and transferring funds to the Asset Token contract. Duration: 5min

31. Diagramming ThunderLoan

Patrick walks through diagramming Thunder Loan with emphasis on visualization using diagrams for better comprehension. Duration: 1min

32. ThunderLoan.sol Redeem

Token Deposit & Redemption, NAT Spec & Exchange Rates. Importance of clear docs, maths checks, avoiding re-entrancy attacks, using Chisel for code verification. Duration: 5min

33. ThunderLoan flashLoan

A review of the flashLoan function in ThunderLoan.sol. Patrick continues his search for vulnerabilities. Duration: 14min

34. Note On Being Discouraged

'Discouragement during security review: Non-linear progress & perseverance.' Patrick highlights important points on remaining motivated. Duration: 1min

35. ThunderLoan Repay Final Functions

Focuses on the repay function and getCalculatedFee function, highlighting their features and potential areas of improvement. Duration: 8min

36. Answering Our Questions

Patrick begins answering the questions we posed earlier in our review of Thunder Loan based on our scoping experience. Duration: 9min

37. Improving Test Coverage To Find A High

Writing tests to improve code base coverage can be a great way to spot vulnerabilities early in a review, Patrick demonstrates. Duration: 16min

38. Exploit: Oracle Manipulation

Patrick uncovers and details an oracle manipulation vulnerability within Thunder Loan. Duration: 2min

39. Oracle Manipulation: Minimized

Patrick showcases a minimalistic example of the Oracle Manipulation vulnerability. Duration: 10min

40. Oracle Manipulation: ThunderLoan Poc

Patrick walks through a proof of code for our identified oracle manipulation vulnerability. Duration: 29min

41. Oracle Manipulation: Recap

Flash Loan Exploits & Manipulating DEX Prices Duration: 3min

42. Exploit: Deposit Instead Of Repay

Patrick identifies storage slot swaps that occur in the upgrade process of Thunder Loan potentially leading to storage collisions! Duration: 17min

43. Exploit: Storage Collision

Dive deep into data storage in Solidity smart contracts, including variables, mappings, arrays, constants, and function-declared variables. Duration: 3min

44. Storage Collision: Diagram

Explore a Remix demonstration of storage collision and the dive into the potential impacts of it on upgradeable smart contract protocols. Duration: 2min

45. Storage Collision: Remix Example

Patrick explains how to set up and run an assertion test for detecting storage collisions during smart contract upgrades. Duration: 4min

46. Storage Collision: PoC

Patrick walks through the proof of code for our discovered storage collision vulnerability. Duration: 3min

47. Reporting: Storage Collision

Learn about storage collision in upgradeable contracts. Addresses the significance of proxies and their role in centralization within Web3. Duration: 7min

48. Wrapping Up

Learn to create your own audit report with Pandoc! Patrick encourages you to sign up for first flights and join competitive audits on CodeHawks. Duration: 2min

49. Section 6 Recap

Patrick emphasizes the importance of knowing popular protocols. He recaps exploits like failure to initialize, storage collisions, centralization, oracle price manipulation. Duration: 6min

Section 7: Boss Bridge

Duration: 2h 01min

Section 8: MEV & Governance

Duration: 1h 40min