Closed sherlock-admin closed 1 year ago
Escalate for 10 USDC
This finding is almost identical to https://github.com/sherlock-audit/2023-03-taurus-judging/issues/133, which was accepted as a valid finding. What is the reason mine is excluded?
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation accepted
Considering this a duplicate of #133 under the malicious keeper reasoning. But, as mentioned in #133, the keeper is trusted, so this is not a valid issue.
This issue's escalations have been accepted!
Contestants' payouts and scores will be updated according to the changes made on this issue.
mstpr-brainbot
high
Malicious keepers
Summary
A malicious keeper can take advantage of the `swapForTau` function and pocket the yield tokens instead of selling them for TAU.
Vulnerability Detail
There are no checks on the keeper's `_minTauReturned` and `_yieldTokenAmount` values. A malicious keeper can swap rewards by inputting `_minTauReturned` as 0, and the swap the keeper does will be sandwiched since there is no slippage tolerance.
Example: Assume 1 WETH = 1000 TAU. The keeper will give `_minTauReturned` as 1. 1 WETH will be sent to the swap adapter contract after the keeper tx. Since the swap data is also generated by the keeper, the keeper will only swap enough to achieve 1 TAU output. The rest of the WETH will be idle on the swap contract. Then the keeper will call the swap contract and pocket the remaining ETH, since the swap contract sends the funds from its internal balance to `msg.sender`.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/SwapHandler.sol#L45-L52
Tool used
Manual Review
Recommendation
Duplicate of #133
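Added illustrative example, not the Taurus SwapHandler code: a vault-side guard of the kind the empty Recommendation section might describe, which bounds the keeper-supplied `_minTauReturned` with an oracle-derived floor, measures the TAU actually received, and refuses to leave unswapped input idle in the adapter. The interfaces, the oracle API, the adapter behaviour and the governance-set slippage limit are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// Illustrative guard only; not the Taurus SwapHandler code. All interfaces,
// the oracle API and the adapter behaviour below are assumptions.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IPriceOracle {
    // TAU value (18 decimals) of 1e18 base units of `yieldToken` (assumed API).
    function tauPerYieldToken(address yieldToken) external view returns (uint256);
}

interface ISwapAdapter {
    // Swaps `amountIn` of `tokenIn` already held by the adapter and sends TAU to msg.sender.
    function swap(address tokenIn, uint256 amountIn, bytes calldata swapData) external;
}

contract GuardedSwapHandler {
    uint256 private constant BPS = 10_000;
    uint256 public immutable maxSlippageBps; // e.g. 100 = 1%, fixed by governance, not the keeper
    address public immutable tau;
    IPriceOracle public immutable oracle;
    ISwapAdapter public immutable adapter;
    mapping(address => bool) public isKeeper; // populated by governance (setter omitted here)

    constructor(address _tau, IPriceOracle _oracle, ISwapAdapter _adapter, uint256 _maxSlippageBps) {
        tau = _tau; oracle = _oracle; adapter = _adapter; maxSlippageBps = _maxSlippageBps;
    }

    function swapForTau(address yieldToken, uint256 yieldTokenAmount, uint256 minTauReturned, bytes calldata swapData) external {
        require(isKeeper[msg.sender], "not keeper");
        // The keeper-chosen minimum is only accepted if it meets an oracle-derived floor,
        // so passing _minTauReturned = 0 or 1 can no longer switch off slippage protection.
        uint256 expectedTau = oracle.tauPerYieldToken(yieldToken) * yieldTokenAmount / 1e18;
        uint256 floorTau = expectedTau * (BPS - maxSlippageBps) / BPS;
        require(minTauReturned >= floorTau, "minTauReturned below oracle floor");

        uint256 tauBefore = IERC20(tau).balanceOf(address(this));
        require(IERC20(yieldToken).transfer(address(adapter), yieldTokenAmount), "transfer failed");
        adapter.swap(yieldToken, yieldTokenAmount, swapData);
        // Measure what actually arrived rather than trusting the keeper-built swap data.
        require(IERC20(tau).balanceOf(address(this)) - tauBefore >= minTauReturned, "slippage");
        // No input may stay idle in the adapter where a later call could sweep it to msg.sender
        // (assumes the adapter holds no yield token between swaps).
        require(IERC20(yieldToken).balanceOf(address(adapter)) == 0, "unswapped input left in adapter");
    }
}
```

With `maxSlippageBps = 100` and an oracle price of 1000 TAU per WETH, a call with `_minTauReturned = 1` for 1 WETH reverts at the floor check (990 TAU), and a swap that converts only part of the input reverts at the leftover check.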