code-423n4 / 2023-05-venus-findings


mint and burn can be attacked by sandwiches #447

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/VToken.sol#L180

Vulnerability details

Impact

The rewards of mint and burn are calculated based on the ratio of uToken (including debt) and vToken, so it can be sandwiched by attackers.

Proof of Concept

Tools Used

manual

Recommended Mitigation Steps

It is recommended to add the minimum receiving quantity to mint and burn.

Assessed type

Other
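A minimal model of the recommended mitigation, added here as an illustration; it is not part of the submission and not code from the Venus contracts. It assumes a simplified exchange rate of (cash + debt) / vToken supply, and the names `PoolModel`, `min_out` and `SlippageExceeded` are hypothetical.

```python
from fractions import Fraction

class SlippageExceeded(Exception):
    """Stands in for a contract revert when the fill is below the caller's bound."""

class PoolModel:
    """Simplified model (assumption): rate = (cash + debt) / vToken supply."""

    def __init__(self, cash, debt, v_supply):
        self.cash, self.debt, self.v_supply = cash, debt, v_supply

    def exchange_rate(self):
        return Fraction(self.cash + self.debt, self.v_supply)

    def mint(self, amount_in, min_v_out):
        # Round down, then enforce the bound before any state changes.
        v_out = int(amount_in / self.exchange_rate())
        if v_out < min_v_out:
            raise SlippageExceeded(f"mint: {v_out} < {min_v_out}")
        self.cash += amount_in
        self.v_supply += v_out
        return v_out

    def burn(self, v_in, min_underlying_out):
        out = int(v_in * self.exchange_rate())
        if out < min_underlying_out:
            raise SlippageExceeded(f"burn: {out} < {min_underlying_out}")
        self.cash -= out
        self.v_supply -= v_in
        return out

def min_out(quoted, tolerance_bps):
    """Caller-side bound: quoted amount less a tolerance in basis points."""
    return quoted * (10_000 - tolerance_bps) // 10_000

if __name__ == "__main__":
    pool = PoolModel(cash=800, debt=200, v_supply=500)  # constructed values, rate = 2
    bound = min_out(quoted=50, tolerance_bps=50)        # 49
    print(pool.mint(100, bound))                        # 50
    pool.debt += 110                                    # rate is 2.2 by the next call
    try:
        pool.mint(100, bound)                           # would yield 45, below the bound
    except SlippageExceeded as e:
        print("reverted:", e)
```

The bound is checked before balances are updated, so a rejected call leaves the pool state unchanged.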

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality