Introduce `minEpoch` to prevent withdrawal requests being front-runned

[c4-submissions]

Lines of code

https://github.com/asymmetryfinance/afeth/blob/main/contracts/strategies/votium/VotiumStrategy.sol#L61-L63

Vulnerability details

Original Issue

• M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process

Issue Details

• The issue raised above occured whenever there was an unlocked balance which could be used to fulfill the withdrawal request in case of the full requested amount coverage.

Mitigation

• The fix proposed was to allow the VotiumStrategy to utilize already unlocked balances(due to expired locks etc...) for withdrawal request fulfillments. The team has successfully mitigated an issue by applying the diff suggested in original issue.

• The fix was introduced in the following PR.

Conclusion

• After introducing the fix proposed above the sponsors should be aware of the following scenario that could occur:

  • Alice simulates the withdrawal request of x afETH to make sure the withdrawal will be finalized before a q + 2th epoch occurs.
  • Let's also say that the epoch, when Alice requested the withdrawal is qth epoch.
  • It turns out, that P(q) which is unlocked cvx balance that nearly covers the whole requested amount:
  • P(q) >= x
  • P(q) < x + delta
  • According to the mitigation being introduced the withdrawal request will be finalized at q + 1th epoch.
  • Seeing that, she then requests the withdrawal, however Bob submits the similar withdrawal request of y afETH and front-runs Alice's tx.
  • Since, delta < y, Bob utlizes the whole unlocked balance to finalize his own withdrawal request at q + 1th epoch, therefore, Alice's withdrawal request will not be finalised before q + 2th epoch occurs.

• Basically, it's similar to sandwich attacks, however here we don't gain any profit, but instead the early spot to withdraw.

Recommended Mitigation Steps:

• Short term:
  • Similar to the slippage control provided to users in case with sandwich attacks, it's possible to provide an opportunity for users to set the minEpoch to prevent them from executing withdrawals with an undermined epoch.

Assessed type

Context

[toshiSat]

Right now we are waiting 1 epoch which I don't believe is enough, we are going to add a min epoch

[c4-sponsor]

toshiSat (sponsor) confirmed

[d3e4]

This report seems to suggest that M-04 is mitigated but with an error.

The error described here, that one can deposit just before an epoch shift, seems duplicate with what the warden mentions in #9 and with other wardens' #45 and #21.

[c4-judge]

0xleastwood marked the issue as satisfactory

[liveactionllama]

The judge (@0xleastwood) has asked me to update this finding on their behalf, to make it a duplicate of issue #45. So I'm updating the labels and status accordingly.