Handle
jonah1005
Vulnerability details
Impact
The protocol frequently interacts with crv. However, the contract doesn't specify the minimum return amount. Given the fact that there are a lot of MEV searchers, calling swap without specifying the minimum return amount really puts user funds in danger.
For example, controller's withdrawAll is designed to transfer all the funds in a strategy.
Controller.sol#L360
The arbitrage space is enough for a searcher to sandwich this trade.
Proof of Concept
Manager.sol#L442-L452
Controller.sol#L273
Tools Used
None
Recommended Mitigation Steps
Always calculate an estimated return when calling crv.
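
The effect of the recommended minimum return amount, as an added example that is not the project's code or part of the original report. It assumes a constant-product pool as a simplified stand-in for a crv pool; the names Pool, min_out_for and run_scenario, the reserves, the fee and the tolerance are all hypothetical.

```python
class SlippageExceeded(Exception):
    """Stands in for the revert a swap performs when the output is below the minimum."""


class Pool:
    """Constant-product pool (x * y = k) with a fee in basis points."""

    def __init__(self, reserve_in, reserve_out, fee_bps=4):
        self.r_in, self.r_out, self.fee_bps = reserve_in, reserve_out, fee_bps

    def quote(self, dx):
        # Output for dx of the input token at the pool's current reserves.
        dx_net = dx * (10_000 - self.fee_bps) // 10_000
        return self.r_out * dx_net // (self.r_in + dx_net)

    def swap(self, dx, min_out=0):
        # min_out=0 models the reported behaviour: any output is accepted.
        out = self.quote(dx)
        if out < min_out:
            raise SlippageExceeded(f"got {out}, required at least {min_out}")
        self.r_in += dx
        self.r_out -= out
        return out


def min_out_for(expected_out, tolerance_bps):
    """Minimum acceptable output: the estimate reduced by a slippage tolerance."""
    return expected_out * (10_000 - tolerance_bps) // 10_000


def run_scenario(min_out, price_moved):
    """Return the amount received, or None if the swap reverted."""
    pool = Pool(1_000_000, 1_000_000)       # constructed reserves
    if price_moved:
        pool.swap(200_000)                  # constructed: another trade executes first
    try:
        return pool.swap(100_000, min_out)  # the protocol's own trade
    except SlippageExceeded:
        return None


# The estimate has to come from outside the moved state (off-chain or a reference
# price); a quote read in the same transaction already reflects the moved price.
FAIR_QUOTE = Pool(1_000_000, 1_000_000).quote(100_000)
MIN_OUT = min_out_for(FAIR_QUOTE, tolerance_bps=50)

if __name__ == "__main__":
    print("no minimum, price moved:  ", run_scenario(0, True))
    print("with minimum, price moved:", run_scenario(MIN_OUT, True))
    print("with minimum, price fair: ", run_scenario(MIN_OUT, False))
```

Without a minimum the trade settles at whatever price the pool holds when it executes; with one, the same trade reverts instead of absorbing the loss and still goes through when the price is fair.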