Closed c4-bot-4 closed 5 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #90
raymondfam marked the issue as duplicate of #274
hansfriese changed the severity to 2 (Med Risk)
hansfriese marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L493
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L504
Vulnerability details
Impact
The withdraw and redeem operations in PrizeVault have no slippage protection. When the vault is in a lossy state (total assets below total debt) the share-to-asset conversion rate can move between the time a user submits a transaction and the time it executes, so a depositor may burn more shares, or receive fewer assets, than the amount they saw in a preview, resulting in a loss for PrizeVault depositors.
Proof of Concept
When withdraw or redeem is called, both derive the counterpart amount from a preview: withdraw(assets) burns previewWithdraw(assets) shares, and redeem(shares) pays out previewRedeem(shares) assets. While total assets cover total debt the conversion is 1:1, but once total assets fall below total debt the amount returned depends on the current asset-to-debt ratio, which can change before the transaction is mined. Neither function lets the caller bound the amount it will burn or receive.
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L489-L497
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L500-L508
However, there are no amountOutMin or amountInMax parameters of the kind commonly used to prevent slippage (compare the amount0Min/amount1Min bounds in Uniswap V3's decreaseLiquidity guide: https://docs.uniswap.org/contracts/v3/guides/providing-liquidity/decrease-liquidity). Such bounds should be checked on every withdraw and redeem to provide slippage protection.
Tools Used
Visual Studio Code
Recommended Mitigation Steps
Add slippage parameters to both functions and revert when they are violated: for withdraw, a maximum number of shares the caller is willing to burn (amountInMax); for redeem, a minimum number of assets the caller must receive (amountOutMin). This follows the pattern used by Uniswap V3's decreaseLiquidity (https://docs.uniswap.org/contracts/v3/guides/providing-liquidity/decrease-liquidity), where the caller supplies the bound computed from a preview and the transaction reverts if the state has moved against them.
Assessed type
MEV