Maple Finance - Maple Core

An attacker can cause the pool to burn BPTs at highly unfavorable rates, upon handling a default.

Upon a loan default, a pool will claim the available loan funds--function claim in Pool. Anyone can call this function and it will eventually invoke handleDefault in PoolLib. This function burns BPT on Balancer using exitswapExternAmountOut and passing it infinity as the BPT number to burn (i.e., as many as needed to recover a certain amount of liquidityAsset). But Balancer is an AMM, so its pricing can be manipulated inside a single transaction via flash loan. Manipulation of the pool can yield profit for the attacker, up to the value of BPTs being burned.

Loan liquidation can be forced to suffer max slippage (10%). An attacker can make the liquidation of collateral for a defaulting loan to be done at prices 10% lower, via flash loan manipulation of the Uniswap pool.

Specifically, either anyone (after the extended grace period) or an LP provider (after the grace period but during the extended grace period) can call triggerDefault on a loan. This will eventually call triggerDefault in LoanLib, which will swap the collateral for the loan asset on Uniswap. The attacker can manipulate the Uniswap pool beforehand (e.g., via flash loan) so that it is tilted and offers 10% lower prices for the collateral asset. 10% slippage is accepted by the code (since the difference in exchange rates between Uniswap and Chainlink oracles can be significant). However, the scenario described is a predictable, repeatable attack.

A pool delegate can subvert the check that a pool is well-staked (performed in Pool.finalize).

The pool delegate can take a flash loan and perform a Balancer manipulation attack, so that the check getInitialStakeRequirements in finalize, which calls the Balancer pool, succeeds. The value of the BPTs is checked against real monetary values, so the caller can make BPTs temporarily appear very expensive.

Some ERC20 operations (transfer, transferFrom and approve) will fail, if the underlying token is not fully compliant with the ERC20 standard, as it is possible that they do not return a boolean value for the aforementioned operations to indicate the success of the call (most notable exception is USDT).

It is recommended that the OpenZeppelin SafeERC20 wrappers be used for these operations, to ensure compatibility with such tokens.

MapleGlobals.isValidCalc should be defined as a view function.

No need for public withdrawFundsOnBehalf in FDT (really, Loan).

Several contract fields are only set during the contracts’ creation. They could use the immutable modifier to reduce the gas costs of their uses.

• PremiumCalc: premiumBips

• LateFeeCalc: feeBips

• FDT: fundsToken

• MapleTreasury: mpl, fundsToken, uniswapRouter

• MapleGlobals: mpl

• Pool: stakingFee, delegateFee

• Loan: apr, termDays, paymentIntervalSeconds, collateralRatio, fundingPeriodSeconds, createdAt

• ChainlinkOracle: assetAddress

StakeLocker.canUnstake() relies on low-level constants of Pool. We suggest refactoring the code to hide these, in order to improve readability.

The depositDate calculation has mildly surprising consequences, especially apparent in later stages of the protocol, when lockupPeriod < penaltyDelay. The linear re-balancing of depositDate when funds are added loses information and may serve as a counter-incentive to deposits. Example:

• lockupPeriod is 0, penaltyDelay is 1yr
• user deposited 10K USDC, a year ago. User’s depositDate is now - 1yr
• user deposits another 10K USDC. User’s depositDate becomes now - 6months
• user finds themselves in need of some cash. Withdraws 5K USDC and pays penalty as if all 20K were deposited 6 months ago, although the user had 10K (i.e., more than what they are trying to withdraw) deposited a year ago.

There are a few instances of local variables that are not being explicitly initialized (assumed to be zero when first used):

• penalty in PoolLib.calcWithdrawPenalty
• Return value in BasicFDT._updateFundsTokenBalance
• losses in ExtendedFTD.recognizeLosses
• Return value in ExtendedFDT._updateLossesBalance

In LoanFactory.isValidGovernor, LoanFactory.isValidGovernorOrAdmin, and LoanFactory._whenProtocolNotPaused the revert messages refer to PoolFactory.

In PoolFactory._whenProtocolNotPaused and LoanFactory._whenProtocolNotPaused the natspec comments are wrong.

The contracts were compiled with the Solidity compiler v0.6.11 which has some known minor issues (but relatively few, compared to earlier versions). We have reviewed the issues and do not believe them to affect the contract. More specifically, at the time of writing, there are 2 known compiler bugs associated with the Solidity compiler v0.6.11:

• Copying an empty bytes or string array from memory to storage can cause data corruption:

• This could affect the name and symbol fields of several FDT tokens (without leading to any exploits). However the fact that these contracts are created using the appropriate factories with generated names eliminates this issue.

• Direct assignments of storage arrays with an element size <= 16 bytes (more than one values fit in one 32 byte word) are not correctly cleared if the length of the newly assigned value is smaller than the length of the previous one. (No such array is ever stored.)

In LoanFactory.isValidGovernor, LoanFactory.isValidGovernorOrAdmin, and LoanFactory._whenProtocolNotPaused the revert messages refer to PoolFactory.

In PoolFactory._whenProtocolNotPaused and LoanFactory._whenProtocolNotPaused the natspec comments are wrong.