There is no implementation of a router for PrivatePools with an ERC20 base token in the repository. PrivatePool is implemented without protection against slippage, which is assumed to be the responsibility of the router. Such a router exists for pools with ETH (where baseToken=address(0)), but is missing for regular ERC-20 tokens. If a trader interacts with PrivatePool directly, they will inevitably be frontrun and lose money due to slippage.
Recommended Mitigation Steps
It is recommended to implement a router for pools with ERC-20 tokens.
Lines of code
https://github.com/code-423n4/2023-04-caviar/blob/cd8a92667bcb6657f70657183769c244d04c015c/src/EthRouter.sol#L45
Vulnerability details
Impact
There is no implementation of a router for PrivatePools with an ERC20 base token in the repository. PrivatePool is implemented without protection against slippage, which is assumed to be the responsibility of the router. Such a router exists for pools with ETH (where
baseToken=address(0)
), but is missing for regular ERC-20 tokens. If a trader interacts with PrivatePool directly, they will inevitably be frontrun and lose money due to slippage.Recommended Mitigation Steps
It is recommended to implement a router for pools with ERC-20 tokens.