Omniscia rain protocol Audit

ERC20BalanceTier Manual Review Findings

ERB-01M: Balance Flash-Loan Susceptibility

Description:

The linked report function relies on a spot balanceOf check, which is fully susceptible to flash-loans (and to loans in general) and as such should not be considered a secure way of evaluating tiers.

Example:

contracts/tier/ERC20BalanceTier.sol

/// Report simply truncates all tiers above the highest value held.
/// @inheritdoc ITier
function report(address account_) public view override returns (uint256) {
    return
        TierReport.truncateTiersAbove(
            TierConstants.ALWAYS,
            valueToTier(tierValues(), erc20.balanceOf(account_))
        );
}

Recommendation:

We advise that this limitation be clearly stated in the function's documentation and, if a more secure approach is desired, that a simple cooldown-based stake mechanism be imposed for one block, ensuring the funds do not originate from flash-loan sources.
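The following is an added illustration by the editor, not rain protocol code: a spot-balance tier evaluator with the weakness described in this finding, placed next to a stake-based evaluator along the lines of the recommendation. The interface, contract and function names (IERC20Minimal, TierThresholds, SpotBalanceTier, StakedBalanceTier, _valueToTier) are assumed for the example; the project's own TierReport and TierConstants helpers are not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed here (assumed; not the project's interface).
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Shared threshold-to-tier mapping. `thresholds_` is supplied by the deployer
/// and must be strictly ascending; tier 0 means "below every threshold".
abstract contract TierThresholds {
    IERC20Minimal public immutable token;
    uint256[] internal thresholds;

    constructor(IERC20Minimal token_, uint256[] memory thresholds_) {
        for (uint256 i = 1; i < thresholds_.length; i++) {
            require(thresholds_[i] > thresholds_[i - 1], "thresholds not ascending");
        }
        token = token_;
        thresholds = thresholds_;
    }

    /// Highest tier (1-based) whose threshold `value_` meets, or 0 if none.
    function _valueToTier(uint256 value_) internal view returns (uint256 tier) {
        for (uint256 i = 0; i < thresholds.length; i++) {
            if (value_ < thresholds[i]) break;
            tier = i + 1;
        }
    }
}

/// Spot-balance evaluator mirroring the finding: anything that raises
/// `balanceOf` for the duration of one transaction (a flash-loan, a plain
/// transfer from a cooperating account) raises the reported tier for that
/// transaction.
contract SpotBalanceTier is TierThresholds {
    constructor(IERC20Minimal token_, uint256[] memory thresholds_)
        TierThresholds(token_, thresholds_) {}

    function report(address account_) external view returns (uint256) {
        return _valueToTier(token.balanceOf(account_));
    }
}

/// Stake-based evaluator: tokens must be deposited here and only count once
/// at least one block has passed since the most recent deposit, so funds that
/// must be repaid within the same transaction never influence `report`.
contract StakedBalanceTier is TierThresholds {
    struct Stake {
        uint256 amount;
        uint256 sinceBlock; // block of the most recent deposit
    }

    mapping(address => Stake) public stakes;

    constructor(IERC20Minimal token_, uint256[] memory thresholds_)
        TierThresholds(token_, thresholds_) {}

    function deposit(uint256 amount_) external {
        require(amount_ > 0, "zero deposit");
        Stake storage s = stakes[msg.sender];
        s.amount += amount_;
        s.sinceBlock = block.number; // any top-up restarts the cooldown
        // State is updated before the external call (checks-effects-interactions).
        require(token.transferFrom(msg.sender, address(this), amount_), "transferFrom failed");
    }

    function withdraw(uint256 amount_) external {
        Stake storage s = stakes[msg.sender];
        require(s.amount >= amount_, "insufficient stake");
        s.amount -= amount_; // effects before interaction
        require(token.transfer(msg.sender, amount_), "transfer failed");
    }

    function report(address account_) external view returns (uint256) {
        Stake storage s = stakes[account_];
        // Stake deposited in the current block is still inside the cooldown.
        if (s.sinceBlock >= block.number) return 0;
        return _valueToTier(s.amount);
    }
}
```

The one-block cooldown defeats funds that are borrowed and repaid within a single transaction, which is the flash-loan case; it does not address loans held across several blocks, which the finding also names, and resetting `sinceBlock` on every top-up is a deliberately conservative choice that delays the whole stake rather than tracking per-deposit ages. Where the token itself cannot be transferred, as the alleviation below relies on, the spot check and the staked check report the same tier.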

Alleviation:

The documentation of the function was expanded to state that this is a generally insecure check and that it should be used only in conjunction with a token implementation known not to allow transfers / balance changes. As a result, we consider this exhibit adequately dealt with.