BUG: Leverage Bot Fails to set min price on repay. User Lost nearly $2K

[taariq]

You did NOT set min price properly

Sandwich spotted in tricrypto2

Frontrun: 168 WETH ➛ 403,614 USDT Center: 16.56 WETH ➛ 38,910 USDT Backrun: 403,614 USDT ➛ 168 WETH

Leverage Bot Affected Contract: 0xE79a404E31692C3043a0B03d9207D794598C3cf6

0xb95..03 lost 1,658 USDT (that's -4.09% slippage, or $1655.92)

Transaction hash: https://etherscan.io/tx/0x36dde5e9f96cb533ecb25c5fb4526fd0507f8ddc38aea808a01f9499c77f8ca2

[taariq]

@wc117 is there no slippage protection on Lending Bot repayment as well?

[verabehr]

I found this transaction is run by the user on UI. So I checked UI code. I think there will be some calculation error in UI. https://github.com/VolumeFi/palomabot/blob/1ccfcfea06f22022c3371fbe24a5b99288572dd8/hooks/useCurveSwapUpdated.tsx#L305 I am not sure exactly but we need to use entire collateral to calculate minRecv but initial collateral used. That's why we got too small minRecv and we made sandwich possible. Please check this code part.

[verabehr]

assigning to @rootedbox to confirm if we need a similar fix in the backend script or if the collateral token is already updated

[rootedbox]

we are always getting latest collateral.