code-423n4 / 2021-09-yaxis-findings


# Controller is vulnerable to sandwich attack #7

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

jonah1005

Vulnerability details

Impact

The protocol interacts with crv frequently. However, the contract doesn't specify the minimum return amount. Given that there are a lot of MEV searchers, calling swap without specifying the minimum return amount really puts user funds in danger.

For example, controller's withdrawAll is designed to transfer all the funds in a strategy (Controller.sol#L360). The arbitrage space is enough for a searcher to sandwich this trade.

Proof of Concept

Manager.sol#L442-L452

Controller.sol#L273

Tools Used

None

Recommended Mitigation Steps

Always calculate an estimated return when calling crv.
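An added illustration of the recommended mitigation, not part of the report or of the yAxis contracts: a small model of why a swap needs a minimum return amount, and why that bound has to come from a quote taken before the transaction is broadcast. It assumes a constant-product pool as a simplified stand-in for a Curve pool; `Pool`, `min_out_from_quote`, `run` and all numbers are hypothetical.

```python
# Constructed model: x*y=k pool standing in for a Curve pool (assumption).

class SlippageExceeded(Exception):
    """Raised where an on-chain swap would revert."""

class Pool:
    def __init__(self, reserve_in, reserve_out, fee_bps=4):
        self.x, self.y, self.fee_bps = reserve_in, reserve_out, fee_bps

    def quote(self, amount_in):
        """Output for amount_in at the current reserves (a view call)."""
        net = amount_in * (10_000 - self.fee_bps) // 10_000
        return self.y * net // (self.x + net)

    def swap(self, amount_in, min_out=0):
        out = self.quote(amount_in)
        if out < min_out:  # the check the report says is missing
            raise SlippageExceeded(f"got {out}, need >= {min_out}")
        self.x += amount_in
        self.y -= out
        return out

def min_out_from_quote(quote, tolerance_bps):
    """Lowest acceptable output: the quote minus a slippage tolerance."""
    return quote * (10_000 - tolerance_bps) // 10_000

def run(scenario, trade=1_000_000, skew=2_000_000, tolerance_bps=50):
    pool = Pool(10_000_000, 10_000_000)
    fair_quote = pool.quote(trade)  # quoted before the tx is broadcast
    pool.swap(skew)                 # another trade is ordered first and moves the price
    if scenario == "no_min":
        return pool.swap(trade)     # min_out = 0: any output is accepted
    if scenario == "onchain_quote":
        # Bound derived inside the same tx, from reserves that already moved.
        bound = min_out_from_quote(pool.quote(trade), tolerance_bps)
        return pool.swap(trade, bound)
    if scenario == "offchain_quote":
        # Bound fixed by the caller from the earlier quote: the swap reverts.
        return pool.swap(trade, min_out_from_quote(fair_quote, tolerance_bps))
    raise ValueError(scenario)

if __name__ == "__main__":
    for name in ("no_min", "onchain_quote", "offchain_quote"):
        try:
            print(name, run(name))
        except SlippageExceeded as err:
            print(name, "reverted:", err)
```

In this model the bound computed on-chain in the same transaction accepts exactly the same degraded output as no bound at all; only the bound passed in by the caller rejects the trade.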

GalloDaSballo commented 2 years ago

Agree with finding, agree with severity, as this allows one to "leak value".