Boxy Rouge Eel
High
The DebitaIncentives.sol::claimIncentives is vulnerable to a flash loan exploitAn attacker can manipulate the calculation of rewards (porcentageLent and porcentageBorrow) by temporarily inflating their lentAmount and borrowAmount through a flash loan. This allows the attacker to claim a disproportionately large share of the rewards for an epoch. The vulnerability arises from the absence of key mitigations, such as historical snapshots of balances or lock-in periods, which could prevent transient manipulations of lending and borrowing amounts.
No response
No response
No response
No response
A malicious actor can drain a significant portion of the protocol's reward pool, leading to losses for honest users.
- Preparation:
- Identify the lending and borrowing principles mechanisms that affect lentAmount and borrowAmount.
- Select a token and an epoch with substantial rewards allocated.
- Execution:
- Use a flash loan to borrow a large amount of the token.
- Deposit this borrowed amount to inflate lentAmount.
- Simultaneously, borrow a large amount to inflate borrowAmount.
- Exploit:
- Call the claimIncentives function, leveraging the inflated porcentageLent and porcentageBorrow to claim a disproportionately high share of the epoch's rewards.
- Profit: Repay the flash loan, leaving the attacker with the rewards minus the flash loan fee
Require lending and borrowing positions to remain locked for a minimum duration within an epoch to be eligible for rewards.