FortisFortuna
commented
2 years ago Technically correct, though in practice, we will allow user-defined slippage on the UI
Closed code423n4 closed 2 years ago
FortisFortuna
commented
2 years ago Technically correct, though in practice, we will allow user-defined slippage on the UI
FortisFortuna
commented
2 years ago 
0xean
commented
2 years ago closing as dupe of #35
Lines of code
https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/sfrxETH.sol#L84
Vulnerability details
Impact
Function
sfrxETH.mintWithSignature()allows users to approve and mint in one transaction. Users will provide input paramsharesand function will calculate what assetsamountneeded to be approved (in caseapproveMax = false).It used
previewMint()of ERC4626 to calculateamountfromsharesinput param. Users need to sign a message with thisamountvalue off-chain.But since in design, the exchange rate of
sfrxETHwill increase linearly over time (every second), there is no way users can calculate the exact value ofamountfromshareoff-chain. For example, users calculateamount = Xgivenshares = Yoff-chain and signamount = X. But when transaction is executed, the exchange rate is changed,amount > Xgivenshares = Y.The result is user’s signature invalid and cannot be executed.
Proof of Concept
Consider the scenario
Alice wants to approve and mint
100 sfrxETHin 1 transaction. She got the exchange rate from the contract1 frxETH = 1 sfrxETH. So she signsamount = 100to approve100 frxETH. Note that Alice doesn’t want to approve max since it’s more risky and not recommended from her expert crypto friends.She sends the transaction and waits for it to be executed. But by the time it’s executed, the exchange rate is updated
1.1 frxETH = 1 sfrxETH, which means if she wants to mint100 sfrxETHshe needs to approve110 frxETH. So her transaction is reverted.Tools Used
Manual Review
Recommended Mitigation Steps
Consider add 1 more input param
amountinmintWithSignature()function. Or only allow users to approve max.