ConvexTriCryptoStrategy `emergencyWithdraw` is prone to MEV sandwich attacked (bad slippage control)

[code423n4]

Lines of code

https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/convex/ConvexTricryptoStrategy.sol#L153-L155

Vulnerability details

Impact

ConvexTriCryptoStrategy emergencyWithdraw is prone to MEV sandwich attacked -- the strategy can end up getting almost 0. This will leave depositors at a loss (drained all the deposited assets).

Proof of Concept

• Within emergencyWithdraw function, the slippage control is calculated from the current state of the pool, which can already be manipulated (the slippage control check will always pass).
• More precisely, calcLpToWeth can return almost 0 value --> the minLpAmount will also be close to 0, leading to a bad slippage value when removing liquidity.

For the attacker to pull this attack off, the attack just needs to flashloan and become the majority of the underlying pool and make the pool imbalance (sandwiching the owner's emergencyWithdraw tx). The loss from the owner's liquidity removal will get shared to the LPs of the underlying pool, and since the large portion of the pool is owned by the attacker, the attacker can easily take that profit.

Tools Used

Manual Review

Recommended Mitigation Steps

• Don't use pool state to compute slippage control. Use robust oracle source for finding the LP fair price for the withdrawal.
• Take another argument to the function e.g. minAmount which can be calculated off-chain to act as slippage control.

Assessed type

MEV

[c4-pre-sort]

minhquanym marked the issue as duplicate of #245

[c4-judge]

dmvt marked the issue as duplicate of #158

[c4-judge]

dmvt changed the severity to 2 (Med Risk)

[c4-judge]

dmvt marked the issue as nullified

[c4-judge]

dmvt marked the issue as duplicate of #245