Protocol may experience loss due to high slippage during rebalanceXChain or sendFundsToVault
Summary
The Derby protocol relies on functions triggered by external entities and the slippage parameter can be maliciously chosen.
Vulnerability Detail
The functions rebalanceXChain and sendFundsToVault are among these functions; anyone can execute them.
The caller is able to specify a high slippage parameter and can cause harm to the protocol.
Any user could grief the Derby Protocol by setting a high slippage value during rebalanceXChain or sendFundsToVault calls.
Impact
In light of the recent USDC depeg, a malicious user could cause a loss of assets during the rebalance across chains.
ff
high
Code Snippet
Tool used
Manual Review
Recommendation
Slippage should be set in the protocol and could be updated by the DAO of Guardians of the protocol.
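A sketch of the recommendation above, added here as an illustration and not taken from Derby's code base: the tolerance lives in contract storage, only a privileged role can change it, and the permissionless trigger has no slippage argument. The contract, interface, function names and the 1% ceiling are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Hypothetical bridge interface (assumption, not Derby's or any real bridge's API).
interface IBridgeExample {
    function send(uint256 amount, uint256 minAmountOut) external;
}

contract ProtocolSlippageExample {
    uint256 public constant BPS = 10_000;       // 100% in basis points
    uint256 public constant HARD_CAP_BPS = 100; // assumed ceiling of 1%

    IBridgeExample public immutable bridge;
    address public guardian;       // stands in for the DAO / Guardian role
    uint256 public maxSlippageBps; // protocol-owned tolerance

    event SlippageUpdated(uint256 oldBps, uint256 newBps);

    constructor(IBridgeExample _bridge, address _guardian, uint256 _slippageBps) {
        require(_guardian != address(0), "zero guardian");
        require(_slippageBps <= HARD_CAP_BPS, "slippage too high");
        bridge = _bridge;
        guardian = _guardian;
        maxSlippageBps = _slippageBps;
    }

    // Only the privileged role changes the tolerance, and only within the cap.
    function setMaxSlippageBps(uint256 _slippageBps) external {
        require(msg.sender == guardian, "only guardian");
        require(_slippageBps <= HARD_CAP_BPS, "slippage too high");
        emit SlippageUpdated(maxSlippageBps, _slippageBps);
        maxSlippageBps = _slippageBps;
    }

    // Minimum acceptable output, derived from storage rather than calldata.
    function minAmountOut(uint256 amount) public view returns (uint256) {
        return (amount * (BPS - maxSlippageBps)) / BPS;
    }

    // Permissionless trigger: there is no slippage argument to choose.
    // `amount` is a parameter only to keep the example short; a real
    // implementation would take it from protocol accounting.
    function pushFunds(uint256 amount) external {
        bridge.send(amount, minAmountOut(amount));
    }
}
```

The hard cap bounds the damage even if the privileged key is misused, and the `SlippageUpdated` event gives monitoring a signal whenever the tolerance changes.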
Duplicate of #54