code-423n4 / 2024-03-saltyio-mitigation-findings


M-28 MitigationConfirmed #56

Open c4-bot-9 opened 7 months ago

c4-bot-9 commented 7 months ago

Lines of code

Vulnerability details

Summary

M-28 highlighted how the slippage protection for the initial deposit, which was based only on the minimum shares being issued, was ineffective. A front-run attack made it possible for the attacker to profit. This was because incorrect token ratios could be issued even while keeping the minShares the same.

Mitigation

The changes in commit have now added minAddedAmountA and minAddedAmountB params while adding liquidity. M-28 only applied to the first deposit and this fix now mitigates the issue since we can now specify the minimum amount of each token, making the mechanics of the shown front-run attack redundant.

Conclusion

LGTM

c4-judge commented 6 months ago

Picodes marked the issue as satisfactory