TricryptoNativeStrategy `compound` function is prone to MEV sandwich attack -- accrued rewards can be MEV'd (bad slippage control)

[code423n4]

Lines of code

https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/curve/TricryptoNativeStrategy.sol#L169-L171

Vulnerability details

Impact

TricryptoNativeStrategy compound function is prone to MEV sandwich attack. Specifically, during the swap, the output amount from swapping rewards to the wrapped native tokens can be MEV'd and get almost 0 value out.

Proof of Concept

• The compound function implements bad slippage control from the current pool state via getOutputAmount (which can be manipulated). So, this slippage control check will always pass.
• The swapper.swap is then prone to sandwich attack.

Specifically, the attacker can flashloan and make the underlying pool imbalance (making the reward tokens really cheap), and invoke compound function -- trying to swap all the accrued reward tokens. The compound function will then try to sell the tokens, and by the bad slippage control described above, the check will pass and the output wrapped asset will be of minimal value. The attacker can then swap back the pool and just profit.

Tools Used

Manual Review

Recommended Mitigation Steps

• Don't use current pool state for slippage control. Can use a robust price source e.g. Chainlink to compute the fair price of the tokens.
• Make the compound function authorized + take slippage control as an input from offchain instead of using the current pool state.

Assessed type

MEV

[c4-pre-sort]

minhquanym marked the issue as duplicate of #245

[c4-judge]

dmvt marked the issue as duplicate of #158

[c4-judge]

dmvt changed the severity to 2 (Med Risk)

[c4-judge]

dmvt marked the issue as nullified

[c4-judge]

dmvt marked the issue as duplicate of #245