Closed code423n4 closed 3 years ago
Sandwich attacks don't work with slip-based fees, since the attacker pays more than they can gain by moving up and then back down.
Our decision matrix for severity:
0: No-risk: Code style, clarity, off-chain monitoring (events etc), exclude gas-optimisations
1: Low Risk: UX, state handling, function incorrect as to spec
2: Funds-Not-At-Risk, but can impact the functioning of the protocol, or leak value with a hypothetical attack path with stated assumptions, but external requirements
3: Funds can be stolen/lost directly, or indirectly if a valid attack path shown that does not have handwavey hypotheticals.
Recommended: 0
Handle
@cmichelio
Vulnerability details
When debt is repaid the Router.repayForMember function performs a swap to buy back debt:
A swap of large trade order size can be sandwich-attacked as it does not have any slippage protection.
Impact
Using this tactic an attacker can potentially make a profit and the attacker's profit is the protocol reserve's loss.
Recommended Mitigation Steps
One may not trust that the current pool spot price reflects the market price. Could use TWAP oracles and have a slippage parameter that is compared against the TWAP price.
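A minimal model of the mitigation suggested above, as an added example (not code from the report or from the protocol): the swap is rejected when the pool's spot quote falls below the TWAP-implied output minus a slippage tolerance. The fee-free constant-product quote, the 1e18 price scaling, the cumulative-price observation format, the sample reserves and all names are assumptions.

```python
from dataclasses import dataclass

SCALE = 10**18   # fixed-point scaling for prices (assumption)
BPS = 10_000     # basis-point denominator

@dataclass(frozen=True)
class Observation:
    timestamp: int         # seconds
    price_cumulative: int  # running sum of (scaled spot price * seconds elapsed)

def twap(older: Observation, newer: Observation) -> int:
    """Time-weighted average price (scaled) between two oracle observations."""
    elapsed = newer.timestamp - older.timestamp
    if elapsed <= 0:
        raise ValueError("observations must span a positive time window")
    return (newer.price_cumulative - older.price_cumulative) // elapsed

def min_output(amount_in: int, twap_price: int, max_slippage_bps: int) -> int:
    """Smallest acceptable output: TWAP-implied output less the tolerance."""
    if not 0 <= max_slippage_bps <= BPS:
        raise ValueError("slippage tolerance must be within 0..10000 bps")
    expected = amount_in * twap_price // SCALE
    return expected * (BPS - max_slippage_bps) // BPS

def spot_quote(amount_in: int, reserve_in: int, reserve_out: int) -> int:
    """Constant-product quote with no fee (simplified pool model, an assumption)."""
    return amount_in * reserve_out // (reserve_in + amount_in)

def guarded_swap(amount_in, reserve_in, reserve_out, older, newer, max_slippage_bps):
    """Return the output amount, or raise if the spot quote is below the TWAP floor."""
    quoted = spot_quote(amount_in, reserve_in, reserve_out)
    floor = min_output(amount_in, twap(older, newer), max_slippage_bps)
    if quoted < floor:
        raise RuntimeError(f"quote {quoted} is below TWAP floor {floor}")
    return quoted

# Constructed sample data: price held at 1.0 for a 30-minute window.
OLDER = Observation(timestamp=0, price_cumulative=0)
NEWER = Observation(timestamp=1800, price_cumulative=1800 * SCALE)

if __name__ == "__main__":
    # Balanced pool: the quote is within 1% of the TWAP, so the swap proceeds.
    print(guarded_swap(1_000, 1_000_000, 1_000_000, OLDER, NEWER, 100))
    # Spot price pushed away from the TWAP just before the swap: rejected.
    try:
        guarded_swap(1_000, 1_100_000, 909_091, OLDER, NEWER, 100)
    except RuntimeError as err:
        print("rejected:", err)
```

The tolerance has to cover the trade's own price impact, so a large order in a shallow pool needs either a wider tolerance or splitting into smaller swaps.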