Closed code423n4 closed 11 months ago
https://github.com/code-423n4/2023-08-dopex/blob/e96aaa5ea21f11b29d828dbe2d0745974cd046ed/contracts/perp-vault/PerpetualAtlanticVault.sol#L502
The attacker can launch a sandwich/flashloan attack on the updateFunding() function to gain most of the reward.
updateFunding()
PerpetualAtlanticVaultLP
vscode
In the short term, call UpdateFunding() more frequently. In the long term, considering the staking time in PerpetualAtlanticVaultLP
UpdateFunding()
Other
bytes032 marked the issue as low quality report
Insufficient proof
LQ because of front-running on Arb
GalloDaSballo marked the issue as unsatisfactory: Insufficient quality
Need more work
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/e96aaa5ea21f11b29d828dbe2d0745974cd046ed/contracts/perp-vault/PerpetualAtlanticVault.sol#L502
Vulnerability details
Impact
The attacker can launch a sandwich/flashloan attack on the
updateFunding()
function to gain most of the reward.Proof of Concept
updateFunding()
function.PerpetualAtlanticVaultLP
.updateFunding()
functionPerpetualAtlanticVaultLP
and repay the flashloanTools Used
vscode
Recommended Mitigation Steps
In the short term, call
UpdateFunding()
more frequently. In the long term, considering the staking time inPerpetualAtlanticVaultLP
Assessed type
Other