Closed github-actions[bot] closed 1 year ago
We’ve discussed directly with the Alchemix devs and their conclusion/recommendation was that there is no direct way to frontrun/sandwich this in a meaningful way to cause harm/loss for our users.
Closing based on the sponsor comment on the Alchemix recommendation as they'd have a better understanding of the integrating protocol, also there is no clear evidence showing loss of funds
minhtrng
medium
Withdraws have no access control and allow for bad slippage control
Summary
A malicious actor can perform withdraw to claim without slippage control to cause a loss to the share holders.
Vulnerability Detail
The function
Vault.withdraw_underlying_to_claim
is meant to be permissionless according to the code documentation. However, this allows anyone to call the function with the parameter_min_weth_out == 0
:This should be able to cause a loss of assets under certain circumstances, evidenced by the fact that both Alchemix and Yearn have slippage control parameters for withdrawals in the first place. However, I do not have a sufficient in-depth understanding of either of these protocols to map out the circumstances and possibly more critical attack paths that allow for the theft of the funds. Hence I will categorize the severity as medium (griefing that causes harm, but has no financial benefit for the attacker).
Impact
Possible loss of assets due to no slippage control.
Code Snippet
https://github.com/sherlock-audit/2023-02-fair-funding/blob/main/fair-funding/contracts/Vault.vy#L393-L404
Tool used
Manual Review
Recommendation
Options:
_min_weth_out
parameter.