No slippage protection will lead to loss of funds intended or unintended

[maarcweiss]

TITLE (Division before Multiplication can lead to 0 return price and a not-accurate price)

The vulnerability relies on the following contract: https://github.com/PlutusDAO/plvGLP-looper/blob/9cb8dbc16183e7526382a07db259e61a1e1b191c/contracts/Ploopy.sol#L77-L82

The problem is that when trying to mint and stake GLP, there is no amount minimum to get in each for the tokens you use to pay for the glp. Therefore you have basically no slippage protection. Literally, you are saying that you would take 1 token even if you should take 200. It will not be that hard if there is no manipulation intended, but yet due to market volatility. It is not uncommon to see slippage of 10% which you do not have protection for it. So, you would lose 10 % of the funds used in that case.

SEVERITY (either high or medium, see the rules)

HIGH, loss of funds due to no slippage protection

A LINK TO THE GITHUB ISSUE

https://github.com/PlutusDAO/plvGLP-looper/blob/9cb8dbc16183e7526382a07db259e61a1e1b191c/contracts/Ploopy.sol#L77-L82

SOLUTION

Add amountMin to receive when minting GLP tokens:

uint256 glpAmount = REWARD_ROUTER_V2.mintAndStakeGlp(
  address(data.borrowedToken),
  data.borrowedAmount,
  0, //addAmountMin
  0
);

[0xAppo]

This is in the wrong repository, but regardless there are a couple things wrong here. The first one being that GLP does not experience slippage in the same way that a traditional liquidity pool does, the mint amount is determined by the price of the asset along with that asset's fees at the time of minting. The second thing is that as this is a flash loan function, if a situation were to arise where the fees/spread on minting GLP with USDC were so high such that the amount of USDC able to be borrowed was less than the flash loaned amount, the transaction will revert because the loan could not be repaid. Closing this for wrong repo and non-issue.

Edit: clarified description of why transaction would revert