Liquidations can be sandwich attacked

[code423n4]

Email address

mail@cmichel.io

Handle

@cmichelio

Eth address

0x6823636c2462cfdcD8d33fE53fBCD0EdbE2752ad

Vulnerability details

The liquidation functions liquidateToPeg/liquidateFromPeg uses a minReturn value of zero which allows infinite slippage. An attacker can frontrun a liquidation trade by buying up the same asset, driving the price higher and resulting in the liquidator receiving fewer tokens. The attacker then backruns the trade by selling the tokens received by their first trade again for a profit. (sandwich attack)

Impact

Liquidators earn less profit

Recommended mitigation steps

Let liquidators define minReturn amounts.

[werg]

This is a cost of doing business on AMMs and underscores the importance of choosing pairs with high liquidity

[zscole]

Sandwich attacks are inherent to AMMs, so this isn’t a unique issue presented by the MarginSwap implementation. With this in mind, I’m downgrading the risk from a proposed medium severity to no severity.