Open code423n4 opened 2 years ago
This issue is handled by proxy contracts that interact with the core contract and do the calculation first before making a call. For example, the Timeswap V1 Convenience does this.
This is essentially the same as slippage in Uniswap and will happen in the normal use of the contracts even in a non-malicious context.
Calls routed through the convenience contract are not affected, but it's worth noting for anyone calling the contracts directly.
Handle
certora
Vulnerability details
Impact
Frontrun temporary DoS attack for the following functions: lend, borrow.
Proof of Concept
Suppose Alice wants to use the lend function (same goes for borrow), so she needs to adjust x, y, z to the current constant product k (= xyz). Bob (an attacker) detects it and immediately calls mint (x increase = 1, y increase = 0, z increase = 0) with more gas so his call will be executed first (alternatively Bob can be a miner and save the gas fee). Now the constant product increases and Alice's transaction will revert due to the check in the lend function that the new constant product is >= the current one.
Tools Used
vscode
Recommended Mitigation Steps
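Added example, not part of this report or of the Timeswap code base: a toy Python model of the scenario above, with constructed reserves, showing a core-style exact-delta lend() check reverting once a one-unit mint lands first, and a convenience-style router that recomputes the deltas at execution time against a user-supplied floor, as the comments above describe. Pool, quote_y_decrease and the two scenario functions are hypothetical names; the model keeps z unchanged in the lend quote for brevity.

```python
# Hypothetical three-reserve pool model; k = x*y*z must never shrink on lend().
from dataclasses import dataclass


class Revert(Exception):
    """Stands in for a failed Solidity require()."""


@dataclass
class Pool:
    x: int
    y: int
    z: int

    def k(self) -> int:
        return self.x * self.y * self.z

    def mint(self, dx: int, dy: int, dz: int) -> None:
        # Adding liquidity only grows k, so no check is modelled here.
        self.x, self.y, self.z = self.x + dx, self.y + dy, self.z + dz

    def lend(self, x_increase: int, y_decrease: int, z_decrease: int) -> None:
        # Core-style check: caller supplies exact deltas; new k must be >= old k.
        new_k = (self.x + x_increase) * (self.y - y_decrease) * (self.z - z_decrease)
        if new_k < self.k():
            raise Revert("constant product would decrease")
        self.x, self.y, self.z = self.x + x_increase, self.y - y_decrease, self.z - z_decrease


def quote_y_decrease(pool: Pool, x_increase: int) -> int:
    """Largest y_decrease (z untouched) that keeps k from shrinking at the current reserves."""
    new_y = -(-pool.x * pool.y // (pool.x + x_increase))  # ceiling division
    return pool.y - new_y


def direct_call_frontrun() -> bool:
    """Alice quotes off-chain, Bob's 1-unit mint lands first. True if Alice's lend reverts."""
    pool = Pool(1000, 1000, 1000)  # constructed reserves
    alice_dy = quote_y_decrease(pool, 250)  # exactly tight against the old k
    pool.mint(1, 0, 0)  # Bob
    try:
        pool.lend(250, alice_dy, 0)
    except Revert:
        return True
    return False


def routed_call_frontrun(min_y_decrease: int) -> int:
    """Router recomputes the quote at execution time and only enforces Alice's floor."""
    pool = Pool(1000, 1000, 1000)  # constructed reserves
    pool.mint(1, 0, 0)  # Bob still lands first
    dy = quote_y_decrease(pool, 250)
    if dy < min_y_decrease:
        raise Revert("slippage: output below caller's minimum")
    pool.lend(250, dy, 0)
    return dy
```

The direct caller's tight quote fails after Bob's mint, while the routed call succeeds with a slightly smaller y decrease, which is the slippage the comments mention.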