code-423n4 / 2023-06-stader-findings


Sandwich exchange rate update #332

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L679

Vulnerability details

Impact

MEV Bot can sandwich the exchange rate update transactions to profit.

Proof of Concept

Exchange rate is updated in function _updateExchangeRate. The exchange rate is used in StaderStakePoolsManager::deposit and UserWithdrawalManager::requestWithdraw.

The MEV bot can monitor the mempool for exchange rate update transactions and frontrun the transaction with deposit and backrun with requestWithdraw to profit.

Tools Used

Manual review.

Recommended Mitigation Steps

Deposit using current exchange rate and withdraw with previous round exchange rate.

Assessed type

MEV
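Added illustration (not code from the report or from the Stader contracts): a constructed toy model of the sandwich the report describes and of its proposed mitigation, so the arithmetic of where the profit comes from is visible. It assumes a single pool whose deposit and withdrawal settle immediately at the quoted rate (the report's premise), 1000 ETH backing 1000 tokens, an 11 ETH reward arriving with the oracle update, and a 100 ETH sandwich; the Stader function names appear only in comments as the counterparts the report cites. Exact `Fraction` arithmetic is used so the comparison is not blurred by rounding.

```python
from dataclasses import dataclass
from fractions import Fraction as F


@dataclass
class PoolModel:
    """Constructed toy model of a liquid-staking pool (not the Stader contracts).

    eth_backing  : ETH the pool attributes to its liquid token
    token_supply : liquid tokens outstanding
    rate         : exchange rate published by the latest oracle round (ETH per token)
    prev_rate    : exchange rate published by the round before it
    """
    eth_backing: F
    token_supply: F
    rate: F
    prev_rate: F
    withdraw_uses_prev_round: bool = False

    def deposit(self, eth: F) -> F:
        # Mints at the current rate in both designs (the counterpart of the
        # report's StaderStakePoolsManager::deposit reference).
        minted = eth / self.rate
        self.eth_backing += eth
        self.token_supply += minted
        return minted

    def request_withdraw(self, tokens: F) -> F:
        # Naive design pays out at the freshly updated rate; the mitigated
        # design pays out at the previous round's rate, as the report suggests
        # (counterpart of UserWithdrawalManager::requestWithdraw).
        rate = self.prev_rate if self.withdraw_uses_prev_round else self.rate
        eth_out = tokens * rate
        self.token_supply -= tokens
        self.eth_backing -= eth_out
        return eth_out

    def oracle_update(self, rewards: F) -> None:
        # The exchange-rate update being sandwiched: rewards accrue and the new
        # rate is backing divided by supply; the old rate is kept as prev_rate.
        self.eth_backing += rewards
        self.prev_rate = self.rate
        self.rate = self.eth_backing / self.token_supply


def run_sandwich(withdraw_uses_prev_round: bool,
                 eth_in: F = F(100), rewards: F = F(11)) -> dict:
    """Deposit just before the update, withdraw just after it.

    Returns the sandwicher's ETH profit and the ETH backing each honest
    token afterwards, so the source of any profit is visible.
    """
    pool = PoolModel(eth_backing=F(1000), token_supply=F(1000),
                     rate=F(1), prev_rate=F(1),
                     withdraw_uses_prev_round=withdraw_uses_prev_round)
    tokens = pool.deposit(eth_in)            # transaction placed before the update
    pool.oracle_update(rewards)              # the sandwiched update lands
    eth_out = pool.request_withdraw(tokens)  # transaction placed after the update
    return {
        "attacker_profit": eth_out - eth_in,
        "honest_backing_per_token": pool.eth_backing / pool.token_supply,
    }


def baseline_backing_per_token(rewards: F = F(11)) -> F:
    """Backing per token when nobody sandwiches the same update."""
    pool = PoolModel(eth_backing=F(1000), token_supply=F(1000),
                     rate=F(1), prev_rate=F(1))
    pool.oracle_update(rewards)
    return pool.eth_backing / pool.token_supply


if __name__ == "__main__":
    for mitigated in (False, True):
        r = run_sandwich(mitigated)
        print(f"withdraw at previous-round rate={mitigated}: "
              f"profit={float(r['attacker_profit']):.4f} ETH, "
              f"honest backing={float(r['honest_backing_per_token']):.4f} "
              f"(baseline {float(baseline_backing_per_token()):.4f})")
```

In the naive design the 1 ETH the sandwicher takes out is exactly the reward that the 1000 existing tokens would otherwise have received (their backing ends at 1.010 instead of the 1.011 baseline); with withdrawals settled at the previous round's rate the round trip returns the 100 ETH that went in and the honest backing matches the baseline. The model only checks the rate arithmetic of the report's claim; it says nothing about whether the actual contracts let a deposit and a withdrawal settle this way within one update.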

Picodes commented 1 year ago

Same as #351 by the same warden

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid