Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L679
Vulnerability details
Impact
An MEV bot can sandwich exchange rate update transactions to profit.
Proof of Concept
The exchange rate is updated in the function _updateExchangeRate and is consumed by StaderStakePoolsManager::deposit and UserWithdrawalManager::requestWithdraw.
An MEV bot can monitor the mempool for an exchange rate update transaction, frontrun it with a deposit and backrun it with requestWithdraw, capturing the rate change as profit.
Tools Used
Manual review.
Recommended Mitigation Steps
Use the current exchange rate for deposits and the previous round's exchange rate for withdrawals.
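To check that the recommended mitigation actually removes the incentive, the following Python model (an added example, not code from the Stader contracts or from the finding's author) reproduces the deposit/update/withdraw sequence with 18-decimal integer arithmetic. The `RateOracle` and `Pool` classes, the `mitigated` switch, and all rates and amounts are constructed assumptions standing in for `_updateExchangeRate`, `deposit` and `requestWithdraw`; the model also shows that a depositor who stays through a full round still earns under the mitigation, which the finding implies but does not spell out.

```python
from dataclasses import dataclass

# Fixed-point scale for exchange rates (wei of ETH per share), mirroring
# 18-decimal Solidity arithmetic. All amounts are in wei; values are constructed.
ONE = 10**18


@dataclass
class RateOracle:
    """Hypothetical oracle that remembers the current and the previous round's rate."""
    current: int
    previous: int

    def update(self, new_rate: int) -> None:
        """Starts a new round; stands in for what the finding calls _updateExchangeRate."""
        self.previous = self.current
        self.current = new_rate


@dataclass
class Pool:
    """Minimal deposit/withdraw model. mitigated=True applies the recommendation:
    mint shares at the current rate, pay withdrawals at the previous round's rate."""
    oracle: RateOracle
    mitigated: bool = False

    def deposit(self, eth_in: int) -> int:
        # shares minted at the current exchange rate, as deposit does in the finding
        return eth_in * ONE // self.oracle.current

    def request_withdraw(self, shares: int) -> int:
        rate = self.oracle.previous if self.mitigated else self.oracle.current
        return shares * rate // ONE


def sandwich_profit(mitigated: bool,
                    rate_before: int = ONE,
                    rate_after: int = 101 * ONE // 100,
                    eth_in: int = 100 * ONE) -> int:
    """Net wei gained by a deposit placed right before a rate update and a
    withdrawal request placed right after it (the sequence the finding describes)."""
    oracle = RateOracle(current=rate_before, previous=rate_before)
    pool = Pool(oracle, mitigated)
    shares = pool.deposit(eth_in)            # tx 1: deposit ahead of the update
    oracle.update(rate_after)                # tx 2: the exchange rate update itself
    eth_out = pool.request_withdraw(shares)  # tx 3: withdrawal request after the update
    return eth_out - eth_in


def full_round_gain(mitigated: bool) -> int:
    """Gain of a depositor who stays through one complete round after the first
    update; shows the mitigation only delays rewards by one round, not removes them."""
    oracle = RateOracle(current=ONE, previous=ONE)
    pool = Pool(oracle, mitigated)
    shares = pool.deposit(100 * ONE)
    oracle.update(101 * ONE // 100)  # round N+1: rate 1.01
    oracle.update(102 * ONE // 100)  # round N+2: rate 1.02
    return pool.request_withdraw(shares) - 100 * ONE


if __name__ == "__main__":
    print("sandwich profit, current-rate withdrawals (wei):", sandwich_profit(False))
    print("sandwich profit, previous-round withdrawals (wei):", sandwich_profit(True))
    print("full-round holder gain under mitigation (wei):", full_round_gain(True))
```

With withdrawals priced at the current rate the three-transaction sequence nets exactly the rate increase (1 ETH on a 100 ETH deposit at a 1% update); with withdrawals priced at the previous round's rate the same sequence nets zero, while a depositor who holds across a complete round still receives that round's increase one update later.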
Assessed type
MEV