code-423n4 / 2021-09-yaxis-findings


Vault.withdraw can be unfair #136

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0xsanson

Vulnerability details

Impact

In the Vault.withdraw function a user burns _shares quantity of VaultTokens to get _amount of outputTokens back from the vault. If the vault doesn't have enough tokens, even after withdrawing from the controller, they receive fewer tokens than they should; in other terms, they could have burned fewer tokens to receive the same output quantity. Even if the users check the vault before sending the withdraw transaction, they can still be frontrun since there's no slippage-like parameter.

Tools Used

editor

Recommended Mitigation Steps

Suggested adding a way to compensate a user. For example by giving change in VaultTokens.
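The accounting problem the finding describes, shown as an added illustration that is not the yAxis Vault's own code. The vault, the IController interface (balanceOf and withdraw), the share math and all names are assumptions; withdrawUnfair reproduces the pattern reported above and withdraw shows the two mitigations the report points at, a minimum-output parameter and refunding the unconsumed shares as "change":

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration of the finding; NOT the yAxis Vault. Interface names,
// the controller API and the share-price math are assumptions.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IController {
    // Assumed: amount of `token` currently deployed in strategies for the vault.
    function balanceOf(address token) external view returns (uint256);
    // Assumed: pulls up to `amount` of `token` back into the vault; may deliver less.
    function withdraw(address token, uint256 amount) external;
}

contract IllustrativeVault {
    IERC20 public immutable token;
    IController public immutable controller;
    mapping(address => uint256) public balanceOf; // vault shares per holder
    uint256 public totalSupply;                    // total vault shares

    constructor(IERC20 _token, IController _controller) {
        token = _token;
        controller = _controller;
    }

    // Assets backing the shares: idle in the vault plus deployed via the controller.
    function _totalAssets() internal view returns (uint256) {
        return token.balanceOf(address(this)) + controller.balanceOf(address(token));
    }

    function deposit(uint256 amount) external {
        uint256 assets = _totalAssets();
        uint256 shares = totalSupply == 0 ? amount : amount * totalSupply / assets;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        balanceOf[msg.sender] += shares;
        totalSupply += shares;
    }

    // The pattern the finding describes: every share is burned even when the vault
    // (plus whatever the controller could return) covers only part of the payout.
    function withdrawUnfair(uint256 shares) external {
        uint256 amount = shares * _totalAssets() / totalSupply;
        balanceOf[msg.sender] -= shares; // reverts on insufficient shares (0.8 checked math)
        totalSupply -= shares;
        uint256 here = token.balanceOf(address(this));
        if (here < amount) {
            controller.withdraw(address(token), amount - here);
            uint256 got = token.balanceOf(address(this)) - here;
            if (got < amount - here) {
                amount = here + got; // shortfall is silently absorbed by the caller
            }
        }
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Mitigated version: `minAmountOut` lets the caller bound the outcome (so a
    // front-run that drains the vault's idle balance reverts instead of shortchanging
    // them), and only the shares the delivered amount is actually worth are burned,
    // so the remainder stays in the caller's balance as change in vault tokens.
    function withdraw(uint256 shares, uint256 minAmountOut)
        external
        returns (uint256 amount, uint256 sharesBurned)
    {
        uint256 supply = totalSupply;
        uint256 assets = _totalAssets(); // price per share is fixed from pre-call state
        amount = shares * assets / supply;
        sharesBurned = shares;
        uint256 here = token.balanceOf(address(this));
        if (here < amount) {
            controller.withdraw(address(token), amount - here);
            uint256 got = token.balanceOf(address(this)) - here;
            if (got < amount - here) {
                amount = here + got;
                // Shares consumed by the reduced payout, rounded up in the vault's
                // favour; since amount < shares * assets / supply this never exceeds `shares`.
                sharesBurned = (amount * supply + assets - 1) / assets;
            }
        }
        require(amount >= minAmountOut, "slippage: output below minimum");
        balanceOf[msg.sender] -= sharesBurned;
        totalSupply -= sharesBurned;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Two points worth checking when reviewing a fix of this shape: the share price must be read once, before the controller call, so that a strategy returning less cannot change the conversion rate mid-withdrawal; and because the mitigated path performs an external call before the burn, production code needs a reentrancy guard (omitted here to keep the block short).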

uN2RVw5q commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-09-yaxis-findings/issues/41 and https://github.com/code-423n4/2021-09-yaxis-findings/issues/121

GalloDaSballo commented 2 years ago

Duplicate of #121