Open howlbot-integration[bot] opened 5 months ago
alcueca marked the issue as selected for report
@jatinj615, please review. You reviewed #320 which is in the same group, but this report correctly points out that the withdrawal value is calculated immediately, rendering the sandwich possible.
alcueca marked the issue as satisfactory
The sponsor comment in #259 is relevant here, on why withdrawals are priced on withdraw
, and not claim
. The resulting implementation might have to take a trade-off between being arbitraged one way or another, or opt for a different implementation altogether.
@alcueca , thanks for pointing this out ser. This report is really great and the mitigation steps also looks good. Just want to confirm if we move ahead with the mitigation steps would there be any other possible attack vector which we need to worry about ?
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Withdraw/WithdrawQueue.sol#L220-L224
Vulnerability details
Cause
Deposit and withdrawal requests can be done immediately with no costs or fees, and both use the current oracle prices and TVL calculation (deposit, and withdraw). Crucially, the withdrawal amount is calculated at withdrawal request submission time instead of at withdrawal claim time. Any small change in either ezETH value or in the price of a collateral token can be exploited at no cost by MEV. Specifically, if the price increases, a deposit is made before the increase, and a withdrawal request immediately after.
Additionally, in case of a supported LST's sudden change in price (for example due to price manipulation, an exploit of that LST, due to consensus layer penalties (slashing), or liquidity issues), external holders of that LST may frontrun the change, deposit the LST into Renzo, and immediately request a withdrawal of another asset (e.g., native ETH). In such situations, Renzo functions as a zero-slippage zero-fees oracle-price-based DEX for LSTs and ETH up to the TVL cap for the affected LST. Zero-slippage zero-fee oracle-price-based designs are notoriously vulnerable to both oracle manipulation and oracle latency attacks if not carefully prevented.
Impact
The newly introduced frontrunning vector, due to incurring only gas fees, and no fee that is proportional to the size of the "trade", allows profitably exploiting most TVL and oracle price changes, and exploiting previously exploitable updates (vie Balancer's usage of
getRate()
) even more profitably via the new vector.The impact is that value that otherwise should be distributed to ezETH holders is constantly lost to MEV.
Additionally, ezETH holders lose value due to facilitating asset swaps with no slippage and no fees based on outdated oracle prices.
Proof of Concept
Scenario 1 (MEV, price increase):
Scenario 2 (malicious):
Scenario 3 (MEV, price decrease, zerp-slippage zero-fees DEX):
Tools Used
Manual review.
Recommended Mitigation Steps
The redemption conversion should be performed at both request and claim time. If it results in a lower redeem value, that value should be used for the claim instead of the initial redeem amount. Additionally, a rate limit or a short delay on deposits with similar protection can be added as well.
Assessed type
MEV