The rewardDistributor:_depositIntoBalancerPool uses totalSupply from the balance pool to calculate the expected BPT amount out. But the balancer docs recommend using getActualSupply instead of totalSupply.
Vulnerability Details
totalSupply function in the balancer doesn’t account for protocol fees and unminted tokens which means the totalSupply doesn't' correctly reflect the actual supply of BPT. The balancer recommends using getActualSupply to get the correct total supply of the BPT tokens.
uint256 bptAmountOut = WeightedMath._calcBptOutGivenExactTokensIn(
balances,
_normalizedWeights,
amountsIn,
IERC20(address(balancerPool)).totalSupply(), //@audit should use getActualSupply
balancerPool.getSwapFeePercentage()
);
bptAmountOut here acts like a slippage protection for add liquidity and this parameter is very important for sandwich protection. If the total supply is used instead of getActualSupply then the bptAmountOut can be significantly low and this can be vulnerable to sandwich attacks resulting in the loss of BPT for a user.
##Recommedation use getActualSupply instead of totalSupply
Proof of Concept
Here I have added a new interface IBalancerPool, edited the RewardDistributor:_depositIntoBalancerPool in RewardDistributor and used getTotalSupply to get bptAmountOut2 The console log is used to show the difference between the two outputs.
function testGetActualSupply() public {
uint256 period = minter.activePeriod();
// Create a veALCX token and vote to trigger voter rewards
uint256 tokenId = createVeAlcx(admin, TOKEN_1, MAXTIME, false);
address bribeAddress = voter.bribes(address(sushiGauge));
createThirdPartyBribe(bribeAddress, bal, TOKEN_100K);
address[] memory pools = new address[](1);
pools[0] = sushiPoolAddress;
uint256[] memory weights = new uint256[](1);
weights[0] = 5000;
address[] memory bribes = new address[](1);
bribes[0] = address(bribeAddress);
address[][] memory tokens = new address[][](2);
tokens[0] = new address[](1);
tokens[0][0] = bal;
hevm.startPrank(admin);
veALCX.approve(beef, tokenId);
hevm.stopPrank();
hevm.startPrank(beef);
voter.vote(tokenId, pools, weights, 0);
// Move forward a week relative to period
hevm.warp(period + nextEpoch);
voter.distribute();
hevm.deal(beef, 10e18); // Sendt 10 ether to admin
// 10 ether should be enough to pair with ALCX
distributor.claim{ value: 10e18 }(tokenId, true); // Opt for compounding
hevm.stopPrank();
}
Console Outputs
Ran 1 test for src/test/Voting.t.sol:VotingTest
[PASS] testGetActualSupply() (gas: 4931022)
Logs:
bptAmountOut < bptAmountOut2 and diff is 130532624887077104
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 142.81s (116.42s CPU time)
Ran 1 test suite in 143.73s (142.81s CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)
As we can see the bptAmountOut2 calculated using getTotalSupply is greater than bptAmountOut. The difference here might seem small but this will largely depend on the trading volume of the balancer pool.
Users can receive less BPT because of sandwich attacks resulting in the loss of unclaimed yield for the user. Please follow and
