Open code423n4 opened 1 year ago
minhquanym marked the issue as primary issue
minhquanym marked the issue as duplicate of #1435
dmvt marked the issue as duplicate of #245
dmvt changed the severity to 2 (Med Risk)
dmvt marked the issue as satisfactory
I would say this is not a dup of 163
163 states:
"Meaning that MEV can be obtained from back running withdrawals and deposits"
Which implies the attacker doesn't have access to the "button" to trigger a loss or a gain
This is saying something different:
The vault is taking in single-sided exposure and is socialising a loss, and the finding shows the conditions for the attack
dmvt marked the issue as not a duplicate
dmvt marked the issue as selected for report
Agreed. Thank you for the additional clarification.
0xRektora (sponsor) confirmed
Lines of code
https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/lido/LidoEthStrategy.sol#L149-L157
Vulnerability details
Impact
The LidoEthStrategy uses a hardcoded 2.5% slippage for _withdraw
https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/lido/LidoEthStrategy.sol#L149-L157
2.5% is a VERY high slippage for Curve StableSwaps
On Mainnet, you'd need to swap over 140k ETH to trigger such a change
However, the Swap Fee for this pair is 1BPS
Meaning it's EXTREMELY cheap to manipulate the price to cause it to have a 2.5% Loss
This means that for most withdrawals, the strategy is leaking 2.5% of value (2 BPS + Gas is negligible in this context)
POC
We need to sell 135k stETH to move the price by 2.5% (due to Curve being really efficient)
This costs us 13.5 ETH
I have doubled it to simulate a backrun as well
27 ETH / 0.025 = 1080 ETH
As you can see, this means that if the Strategy has more than around $2MLN in value, it will leak more than the fees, allowing the attacker to repeatedly sandwich it to profit
Notice that because of this, all of the tokens can be stolen, this is not merely "MEV"ing the deposit and withdrawals, this will actually cause a total loss until the Strategy Leaked Amounts will no longer be worth the cost of manipulation (26 ETH per pass)
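As an added example (not code from this report or from the Tapioca repository), the following Python script models a two-coin StableSwap pool with Curve's invariant and derives, for a given slippage tolerance, the sell size needed to move the spot price by that much, the round-trip fee cost of pushing and unwinding, and the break-even victim withdrawal size (cost / tolerance). It generalises the arithmetic above from the quoted figures to arbitrary balances, amplification and fee. The pool balances, amplification coefficient and fee in the script are constructed inputs, not the live stETH/ETH pool's parameters.

```python
N_COINS = 2

# Constructed scenario (NOT the live Curve stETH/ETH pool): 500k ETH / 500k stETH,
# amplification 50, 1 bp swap fee, and the strategy's 2.5% slippage tolerance.
POOL = [500_000.0, 500_000.0]   # index 0 = ETH, index 1 = stETH
AMP = 50
FEE = 1e-4                       # 1 bp, charged on the output amount
SLIPPAGE = 0.025                 # hardcoded minimum-output tolerance under test


def get_d(xp, amp):
    """Solve the StableSwap invariant for D (Newton iteration, as in Curve's get_D).
    `amp` uses the contract convention Ann = A * N_COINS."""
    s = sum(xp)
    if s == 0:
        return 0.0
    ann = amp * N_COINS
    d = s
    for _ in range(255):
        d_p = d
        for x in xp:
            d_p = d_p * d / (N_COINS * x)
        d_prev = d
        d = (ann * s + N_COINS * d_p) * d / ((ann - 1) * d + (N_COINS + 1) * d_p)
        if abs(d - d_prev) <= 1e-12 * d:
            break
    return d


def get_y(i, j, x_new, xp, amp):
    """Balance of coin j that keeps the invariant once coin i's balance is x_new."""
    d = get_d(xp, amp)
    ann = amp * N_COINS
    c, s = d, 0.0
    for k in range(N_COINS):
        if k == j:
            continue
        xk = x_new if k == i else xp[k]
        s += xk
        c = c * d / (xk * N_COINS)
    c = c * d / (ann * N_COINS)
    b = s + d / ann
    y = d
    for _ in range(255):
        y_prev = y
        y = (y * y + c) / (2 * y + b - d)
        if abs(y - y_prev) <= 1e-12 * y:
            break
    return y


def swap(i, j, dx, xp, amp, fee):
    """Sell dx of coin i for coin j; returns (net output, new balances). Fee stays in the pool."""
    x_new = xp[i] + dx
    dy = xp[j] - get_y(i, j, x_new, xp, amp)
    dy_net = dy * (1 - fee)
    new_xp = list(xp)
    new_xp[i], new_xp[j] = x_new, xp[j] - dy_net
    return dy_net, new_xp


def spot_price(i, j, xp, amp):
    """Marginal price of coin i in coin j, i.e. -dy/dx along the invariant."""
    d = get_d(xp, amp)
    ann = amp * N_COINS
    x, y = xp[i], xp[j]
    return (ann + d ** 3 / (4 * x * x * y)) / (ann + d ** 3 / (4 * x * y * y))


def manipulation_cost(i, j, xp, amp, fee, price_drop):
    """Sell size of coin i that lowers its spot price by `price_drop` (found by bisection),
    and the cost in coin i of pushing the price and unwinding: roughly two swap fees."""
    target = spot_price(i, j, xp, amp) * (1 - price_drop)
    lo, hi = 0.0, 100.0 * xp[i]
    for _ in range(200):
        mid = (lo + hi) / 2
        _, pushed = swap(i, j, mid, xp, amp, fee)
        if spot_price(i, j, pushed, amp) > target:
            lo = mid
        else:
            hi = mid
    push = hi
    out, pushed = swap(i, j, push, xp, amp, fee)     # leg 1: dump coin i
    back, _ = swap(j, i, out, pushed, amp, fee)      # leg 2: buy it back (victim trade omitted)
    return push, push - back


def breakeven_withdrawal(i=1, j=0, xp=POOL, amp=AMP, fee=FEE, slippage=SLIPPAGE):
    """Smallest victim withdrawal (in coin i) whose slippage loss covers the attacker's fees."""
    push, cost = manipulation_cost(i, j, xp, amp, fee, slippage)
    return {"push": push, "round_trip_cost": cost, "breakeven": cost / slippage}


if __name__ == "__main__":
    r = breakeven_withdrawal()
    print(f"sell {r['push']:,.0f} stETH to move the price {SLIPPAGE:.1%}; "
          f"round-trip fees ~{r['round_trip_cost']:,.1f}; "
          f"break-even withdrawal ~{r['breakeven']:,.0f} stETH")
```

The round-trip cost comes out at roughly two fees on the push size, which is the same structure as the 13.5 ETH doubled to 27 ETH above; dividing by the tolerance gives the withdrawal size at which a hardcoded bound stops protecting the strategy. Re-running with a tighter tolerance, a higher fee or a lower amplification shows how each parameter moves that threshold.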
POC Steps
Mitigation Step
I believe the only solution here is to avoid single sided exposure, denominate the strategy either in the LP token or in stETH
Do not swap the tokens back to ETH, which is the root of the issue, since the exchange rate is manipulatable in multiple ways as demonstrated above
Additional Resources
The amount of swaps needed to trigger the slippage is obtained via this library I wrote:
(Results brute forced via: https://github.com/GalloDaSballo/pool-math)
Assessed type
ERC4626