TricryptoNativeStrategy `_withdraw` is prone to MEV sandwich attack (bad slippage control) -- users who want to withdraw can get 0 value out of it.

[code423n4]

Lines of code

https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/curve/TricryptoNativeStrategy.sol#L231-L233

Vulnerability details

Impact

TricryptoNativeStrategy withdraw is prone to MEV sandwich attack (bad slippage control) --> users who try to withdraw from the strategy can get MEV'd and get 0 value out of the withdrawal.

Proof of Concept

• The _withdraw function implements bad slippage control from the current pool state via calcLpToWeth (which can be manipulated). So, the slippage control check will always pass.

Specifically, the attacker can flashloan and become a majority of the underlying pool (to reap most of the profits) and also make WETH really expensive in the underlying pool. So, the calcLpToWeth will only return minimal weth amount. So, the user's withdrawal's tx will only get those minimal WETH amount out (at a loss). And the loss will get distributed to the current underlying pool's LPs, which the attack was the majority, so the attacker can reap most of the profits there.

Tools Used

Manual Review

Recommended Mitigation Steps

• Don't rely on current pool state for slippage control
• Use robust oracle service price source to compute the fair conversion price from LP to WETH.
• Make the function authorized and only callable by your bots, and also add additional slippage control check variable supplied from off-chain.

Assessed type

MEV

[c4-pre-sort]

minhquanym marked the issue as duplicate of #245

[c4-judge]

dmvt marked the issue as duplicate of #158

[c4-judge]

dmvt changed the severity to 2 (Med Risk)

[c4-judge]

dmvt marked the issue as nullified

[c4-judge]

dmvt marked the issue as duplicate of #245