PHOAM-008: Adversaries can sandwich attack swaps for profit

[gangov]

Location

./contracts/trader/src/contract.rs:135

Description Calls to the trade_token function in the trader contract are vulnerable to sandwich attacks because the ask_min_amount parameter passed to the swap function is always set to 0 (None). This allows an adversary to profit from the user's swap as long as the price spread does not exceed the max_spread_bps, causing the victim to receive fewer tokens than expected.

An adversary monitoring the mempool can place a buy order for the same token pair by front-running the user's transaction. This buy order increases the price of the token the user wants to buy. When the user's transaction is executed, it occurs at the higher price, resulting in the user receiving fewer tokens than expected (up to the amount allowed by max_spread_bps). Finally, the attacker places a sell order immediately after the user's transaction. The increased demand from the user's transaction temporarily inflates the token's price, allowing the attacker to sell the tokens at this higher price and profit from the price difference.

Recommendation Allow users of the trader contract to specify an ask_asset_min_amount value when swapping tokens.