code-423n4 / 2023-08-dopex-findings


Lack of minAmount when adding liquidity into Uniswap V2 can lead to the LP getting MEVd #2179

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/reLP/ReLPContract.sol#L286-L295

Vulnerability details

Impact

The amount being LPd into Uniswap can get stolen through MEV.

Proof of Concept

The reLP contract re-LPs a certain amount of the tokens that enter after a bond gets bought. The issue arises due to there not being proper minimum liquidity amounts passed when calling addLiquidity() on a Uniswap V2 pool.

(, , uint256 lp) = IUniswapV2Router(addresses.ammRouter).addLiquidity(
      addresses.tokenA,
      addresses.tokenB,
      tokenAAmountOut,
      amountB / 2,
      // @audit-issue lack of slippage checks
      0,
      0,
      address(this),
      block.timestamp + 10
);

Tools Used

Manual review

Recommended Mitigation Steps

Consider passing appropriate minimum liquidity amounts to addLiquidity().

Assessed type

Uniswap
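
An added example, not part of the original report or the Dopex code: a Python model of how the Uniswap V2 router picks deposit amounts in addLiquidity(), showing what the two minimum arguments enforce. The reserves, amounts, the 1% tolerance and the min_amounts helper are constructed for illustration, and the desired amounts are assumed to reflect a price obtained independently of the pool's spot reserves.

```python
BPS = 10_000
EXPECTED = (1_000, 1_000)  # constructed reserves at the price the caller expects
SHIFTED = (2_000, 500)     # constructed reserves after the ratio moved before inclusion


def quote(amount_a, reserve_a, reserve_b):
    """Amount of B that matches amount_a at the pool's current ratio."""
    if amount_a <= 0 or reserve_a <= 0 or reserve_b <= 0:
        raise ValueError("insufficient amount or liquidity")
    return amount_a * reserve_b // reserve_a


def add_liquidity_amounts(a_desired, b_desired, a_min, b_min, reserve_a, reserve_b):
    """Return the (amountA, amountB) the router deposits; raise where it would revert."""
    if reserve_a == 0 and reserve_b == 0:
        return a_desired, b_desired  # first deposit sets the ratio
    b_optimal = quote(a_desired, reserve_a, reserve_b)
    if b_optimal <= b_desired:
        if b_optimal < b_min:
            raise RuntimeError("UniswapV2Router: INSUFFICIENT_B_AMOUNT")
        return a_desired, b_optimal
    a_optimal = quote(b_desired, reserve_b, reserve_a)
    if a_optimal < a_min:
        raise RuntimeError("UniswapV2Router: INSUFFICIENT_A_AMOUNT")
    return a_optimal, b_desired


def min_amounts(a_desired, b_desired, slippage_bps):
    """Hypothetical helper: minimums as desired amounts less a tolerance in basis points."""
    keep = BPS - slippage_bps
    return a_desired * keep // BPS, b_desired * keep // BPS


def reverts(*args):
    """True if the modelled router call would revert on a minimum-amount check."""
    try:
        add_liquidity_amounts(*args)
        return False
    except RuntimeError:
        return True


if __name__ == "__main__":
    a_min, b_min = min_amounts(100, 100, 100)  # 1% tolerance -> (99, 99)
    print("mins 0/0, shifted pool :", add_liquidity_amounts(100, 100, 0, 0, *SHIFTED))
    print("mins set, shifted pool : reverts =", reverts(100, 100, a_min, b_min, *SHIFTED))
    print("mins set, expected pool:", add_liquidity_amounts(100, 100, a_min, b_min, *EXPECTED))
```

With both minimums at 0 the call succeeds at whatever ratio the pool holds when the transaction executes; with minimums set, the same call reverts instead of depositing at the shifted ratio.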

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #1259

c4-pre-sort commented 1 year ago

bytes032 marked the issue as sufficient quality report

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #1032

c4-judge commented 11 months ago

GalloDaSballo marked the issue as satisfactory