search

code-423n4 / 2024-01-curves-findings

1 stars 0 forks source link

sellCurvesToken has no slippage checks which can lead to a sandwich attack #13

Closed c4-bot-3 closed 9 months ago

c4-bot-3 commented 10 months ago

Lines of code

https://github.com/code-423n4/2024-01-curves/blob/main/contracts/Curves.sol#L282

Vulnerability details

Impact

There is no slippage checks (minimum amount of ETH received back) present in https://github.com/code-423n4/2024-01-curves/blob/main/contracts/Curves.sol#L282

    function sellCurvesToken(address curvesTokenSubject, uint256 amount) public {
        uint256 supply = curvesTokenSupply[curvesTokenSubject];
        if (supply <= amount) revert LastTokenCannotBeSold();
        if (curvesTokenBalance[curvesTokenSubject][msg.sender] < amount) revert InsufficientBalance();

        uint256 price = getPrice(supply - amount, amount);

        curvesTokenBalance[curvesTokenSubject][msg.sender] -= amount;
        curvesTokenSupply[curvesTokenSubject] = supply - amount;

        _transferFees(curvesTokenSubject, false, price, amount, supply);
    }

And since price monotonically increases with token supply based on a curve: https://github.com/code-423n4/2024-01-curves/blob/main/contracts/Curves.sol#L180

    function getPrice(uint256 supply, uint256 amount) public pure returns (uint256) {
        uint256 sum1 = supply == 0 ? 0 : ((supply - 1) * (supply) * (2 * (supply - 1) + 1)) / 6;
        uint256 sum2 = supply == 0 && amount == 1
            ? 0
            : ((supply - 1 + amount) * (supply + amount) * (2 * (supply - 1 + amount) + 1)) / 6;
        uint256 summation = sum2 - sum1;
        return (summation * 1 ether) / 16000;
    }

Note: [The following is being calculated: price = (supply)^2 to (supply + 1)^2 + (supply + 2)^2 + ... (supply - 1 + amount)^2] which can be calculated using the closed form formula above.

Therefore, it is possible for MEV bots to sandwich Alice's sellCurvesToken trade and make a profit:

  1. MEV bot observe Alice intends to sell curve tokens in mempool
  2. MEV bot frontruns Alice and sells tokens before hers, reducing the total token supply and therefore the price.
  3. Alice sells her tokens at the lower price further decreasing the token supply and price.
  4. MEV bot buys back the tokens at a lower price and makes a profit larger than the fees paid when selling the tokens.

It leads to a loss of funds for Alice.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a minimumAmountETH parameter which the minimum amount of ETH the function will return to a user for a paritucular transaction and revert if the result of selling the tokens is lower than this amount.

Assessed type

Other

c4-pre-sort commented 10 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as primary issue

andresaiello commented 9 months ago

no frontrun on L2

c4-sponsor commented 9 months ago

andresaiello (sponsor) disputed

alcueca commented 9 months ago

It is stated in the README that Curves will run on a rollup L2, therefore no mempool and no MEV.

c4-judge commented 9 months ago

alcueca marked the issue as unsatisfactory: Invalid

irving4444 commented 9 months ago

There will be private mempool and sequencers who can still see those transactions can still front run .