c4-pre-sort
commented
10 months ago raymondfam marked the issue as sufficient quality report
Closed c4-bot-8 closed 10 months ago
c4-pre-sort
commented
10 months ago raymondfam marked the issue as sufficient quality report
c4-pre-sort
commented
10 months ago raymondfam marked the issue as duplicate of #13
c4-judge
commented
9 months ago alcueca marked the issue as unsatisfactory: Invalid
c4-judge
commented
9 months ago alcueca marked the issue as unsatisfactory: Invalid
c4-judge
commented
9 months ago alcueca marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-01-curves/blob/516aedb7b9a8d341d0d2666c23780d2bd8a9a600/contracts/Curves.sol#L282-L293
Vulnerability details
Impact
Standard MEV by anticipated a trade, especially on sell. Buy is implicitly protected by being limited by
msg.value.Proof of Concept
When buying/selling tokens, there is no slippage protection in place. When buying the user must pay a sufficient amount and may thus use this as an implicit slippage check, which may very well be adequate. But selling offers no such means of protection. An attacker, being able to anticipate the victim's sell transaction, may sandwich it between a sell and a buy, and profit in the standard MEV fashion.
(I don't know how feasible frontrunning, which would be the standard way to anticipate the trade, is on the Form Network, e.g. if the sequencer is private. But some kind of frontrunning must always be considered a risk, since the transactions must be broadcast somewhere. In this particular case it is also conceivable that this could be achieved simply by streaming attack transactions around an approximate expected transaction time (e.g. the end of the presale) which only execute on the desired conditions.)
Recommended Mitigation Steps
Add a slippage check on
sellCurvesToken().Assessed type
MEV