code-423n4 / 2024-03-revert-lend-findings


No slippage protection when decreasing liquidity could lead to liquidator funds being lost #57

Closed c4-bot-10 closed 7 months ago

c4-bot-10 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/435b054f9ad2404173f36f0f74a5096c894b12b7/src/V3Vault.sol#L1065-L1067

Vulnerability details

Impact

When a user decreases NFT liquidity, params.amount0Min and params.amount1Min should be specified if we want to be protected from sandwich attacks. If the user's transaction suffers from frontrunning, a much smaller amount of tokens can be received when liquidity is decreased. This means that if an MEV bot frontruns the decrease liquidity with a large amount, the liquidator can receive tokens valued at less than the debt that he has just repaid. The Uniswap documentation says "In production, amount0Min and amount1Min should be adjusted to create slippage protections.", because this is a serious concern which affects user resources. In the calls, amount0Min and amount1Min are each set to 0, which allows for a 100% slippage tolerance. This means that the action could lead to the caller losing up to 100% of their tokens due to slippage.

Impact: Exposure to high slippage that could result in a loss for liquidators, who in reality should benefit from this operation.

The same check is missing inside AutoCompound.execute.

Proof of Concept

Assessed type

MEV
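The amount0Min / amount1Min check discussed in the report above, as an added example that is not part of the original report or the Revert Lend code base. It is a simplified float model of Uniswap v3 position math (no fees, no tick rounding); the function names, the price range and the prices are constructed for illustration.

```python
from math import sqrt

# Simplified float model of Uniswap v3 position math (assumption: no fees,
# no tick rounding). All names and numbers here are constructed for illustration.

def amounts_for_liquidity(liquidity, price, p_lo, p_hi):
    """Token amounts paid out for `liquidity` in [p_lo, p_hi] at pool `price`."""
    s_lo, s_hi = sqrt(p_lo), sqrt(p_hi)
    s = min(max(sqrt(price), s_lo), s_hi)  # out of range => single-sided payout
    amount0 = liquidity * (s_hi - s) / (s * s_hi)
    amount1 = liquidity * (s - s_lo)
    return amount0, amount1

def min_amounts(quoted, tolerance_bps):
    """Scale the quoted amounts down by the caller's slippage tolerance."""
    return tuple(a * (10_000 - tolerance_bps) / 10_000 for a in quoted)

def decrease_liquidity(liquidity, exec_price, p_lo, p_hi, amount0_min, amount1_min):
    """Model of the position manager's check: revert if either amount is short."""
    a0, a1 = amounts_for_liquidity(liquidity, exec_price, p_lo, p_hi)
    if a0 < amount0_min or a1 < amount1_min:
        raise ValueError("Price slippage check")
    return a0, a1

if __name__ == "__main__":
    L, LO, HI = 1000, 1500, 2500
    quoted = amounts_for_liquidity(L, 2000, LO, HI)  # quote taken before sending
    print("quoted:", quoted)
    # The pool price has moved to 1600 by execution time.
    print("mins = 0:", decrease_liquidity(L, 1600, LO, HI, 0, 0))  # accepted
    m0, m1 = min_amounts(quoted, 100)  # 1% tolerance
    try:
        decrease_liquidity(L, 1600, LO, HI, m0, m1)
    except ValueError as e:
        print("1% tolerance: reverted with", e)
```

With both minimums at 0 the call accepts whatever token split the pool price at execution produces; with minimums derived from the quote, the same call reverts instead.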

c4-pre-sort commented 7 months ago

0xEVom marked the issue as duplicate of #198

c4-pre-sort commented 7 months ago

0xEVom marked the issue as sufficient quality report

c4-judge commented 7 months ago

jhsagd76 marked the issue as unsatisfactory: Out of scope