code-423n4 / 2022-12-caviar-findings


Frontrunning initial liquidity adding #500

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L63-L99 https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L417-L427

Vulnerability details

Impact

Creation of the pair does not add initial liquidity, which leads to a situation where an attacker can front-run the creator and execute a sandwich attack against the creator.

Exploitation Scenario:

  1. Alice creates a pair and wants to add liquidity
  2. Bob front-runs Alice's add liquidity and quickly adds his liquidity with 100 ETH and 1 Fractional Token, which mints 10 LP
  3. Alice adds 100 ETH and 100 Fractional Tokens, which gives 10 LP
  4. The pool is 200 ETH and 101 Fractional Tokens
  5. Bob withdraws liquidity with 10 LP and gets 100 ETH and 50 Fractional Tokens
  6. Bob just made a nice profit

Proof of Concept

Pair.sol:

Tools Used

Manual Review

Recommended Mitigation Steps

It is recommended to initialize pair with the liquidity provided by the creator.

Minh-Trng commented 1 year ago

If Alice thinks she would be the first to supply, she would set the minLPTokenAmount parameter to sqrt(100*100)=100 (because she expects 0 slippage), which would cause her tx to revert.
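An added simulation, not code from the Caviar repository or from either commenter, that replays the scenario in the finding and the minLpTokenAmount check raised in the reply. It assumes a constant-product pair whose first deposit mints sqrt(x*y) LP tokens and whose later deposits mint proportionally to the smaller side, with floor arithmetic as in Solidity; the scenario's own numbers (100 ETH / 1 FT, then 100 ETH / 100 FT) are used as input.

```python
from math import isqrt

class Slippage(Exception):
    """Minted LP tokens fell below the caller's minimum (the tx would revert)."""

class Pair:
    """Assumed constant-product pair model, not Caviar's code: the first deposit mints
    sqrt(x*y) LP tokens, later ones mint proportionally to the smaller side.
    Floor division mirrors Solidity integer arithmetic."""

    def __init__(self):
        self.base = 0        # ETH reserve
        self.fractional = 0  # fractional token reserve
        self.lp_supply = 0

    def add(self, base_in, frac_in, min_lp):
        if self.lp_supply == 0:
            lp = isqrt(base_in * frac_in)
        else:
            lp = min(base_in * self.lp_supply // self.base,
                     frac_in * self.lp_supply // self.fractional)
        if lp < min_lp:  # the slippage check Minh-Trng's comment relies on
            raise Slippage(f"lp token amount out: {lp} < {min_lp}")
        self.base += base_in
        self.fractional += frac_in
        self.lp_supply += lp
        return lp

    def remove(self, lp):
        base_out = self.base * lp // self.lp_supply
        frac_out = self.fractional * lp // self.lp_supply
        self.base -= base_out
        self.fractional -= frac_out
        self.lp_supply -= lp
        return base_out, frac_out

def sandwich_scenario(alice_min_lp=0):
    """Replay the finding's scenario; returns (bob_lp, alice_lp, bob_withdrawal)."""
    pair = Pair()
    bob_lp = pair.add(100, 1, 0)                 # Bob front-runs with a skewed ratio
    alice_lp = pair.add(100, 100, alice_min_lp)  # Alice's intended first deposit
    return bob_lp, alice_lp, pair.remove(bob_lp)  # Bob exits with 100 ETH and 50 FT

def alice_protected():
    """Alice sets min_lp = sqrt(100*100) = 100 as a first depositor would; her tx reverts."""
    try:
        sandwich_scenario(alice_min_lp=isqrt(100 * 100))
    except Slippage:
        return True
    return False
```

With `alice_min_lp=0` the replay reproduces the finding (Bob's 10 LP redeem for 100 ETH and 50 FT); with the minimum a first depositor would set, Alice's deposit is rejected instead of being sandwiched.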

c4-judge commented 1 year ago

berndartmueller marked the issue as duplicate of #442

c4-judge commented 1 year ago

berndartmueller marked the issue as satisfactory