No slipage protection or expiry on Mint and redeem function in SimplePSM

[c4-bot-7]

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L138 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L107 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L124

Vulnerability details

Impact

The system provided getMintAmountOut and getRedeemAmountOut function while minting and redeeming Crdeit Tokens for collateral tokens. but there is no slipplage protection as the price or amount of token minted will be effected by PNL changes which will effect the price of Credit token.

Proof of Concept

following case would occur noramly. 1). The Price of credit token is 0.7 USDC and ratio is 1-0.7. 2). User call getMintAmountOut(100e6) and the contract return 142 of credit token to be minted out. 3). While the user Transaction is in mempool The System record Profit and creditMultipler got updated to Credit Token is 1-1 USDC. 4). When The user transaction got executed he will only receive 100e18 Credit token. this is not on what the users has agreed.

Tools Used

Manual Review.

Recommended Mitigation Steps

Add slippage protection and check if the amountOut=getMintAmountOut(amountIn) or amountOut = getRedeemAmountOut(amountIn) is less then that value just revert. i.e :

Assessed type

MEV

[c4-pre-sort]

0xSorryNotSorry marked the issue as sufficient quality report

[c4-pre-sort]

0xSorryNotSorry marked the issue as duplicate of #925

[c4-judge]

Trumpero marked the issue as unsatisfactory: Invalid