Closed code423n4 closed 2 years ago
WatchPug
https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/NonUSTStrategy.sol#L74-L85
function _swapUnderlyingToUst() internal { uint256 underlyingBalance = _getUnderlyingBalance(); if (underlyingBalance > 0) { // slither-disable-next-line unused-return curvePool.exchange_underlying( underlyingI, ustI, underlyingBalance, 0 ); } }
The current implementation of doHardWork() and finishRedeemStable() -> _swapUnderlyingToUst() and _swapUstToUnderlying() provides no parameter for slippage control, making it vulnerable to front-run attacks.
doHardWork()
finishRedeemStable()
_swapUnderlyingToUst()
_swapUstToUnderlying()
Consider adding a amountOutMin parameter.
amountOutMin
duplicate of #7
naps62
commented
2 years ago
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/NonUSTStrategy.sol#L74-L85
The current implementation of
doHardWork()andfinishRedeemStable()->_swapUnderlyingToUst()and_swapUstToUnderlying()provides no parameter for slippage control, making it vulnerable to front-run attacks.Recommendation
Consider adding a
amountOutMinparameter.