sherlock-admin2
commented
1 year ago 1 comment(s) were left on this issue during the judging contest.
shogoki commented:
This was a fix from the last audit. Should not be a problem
Closed sherlock-admin2 closed 1 year ago
sherlock-admin2
commented
1 year ago 1 comment(s) were left on this issue during the judging contest.
shogoki commented:
This was a fix from the last audit. Should not be a problem
0xjoseph
high
High Risk of being frontrun when removing liquidity in CurveSpell
Summary
Inside the
_removeLiquidityfunction in the CurveSpell contract, if theisKilledvariable is true the contract will call the Curveremove_liquidityfunction, passing inminOutsas an array of uint256 with default values of0.Vulnerability Detail
This leaves the function vulnerable to being front-run by a MEV bot where the MEV bot can potentially steal all user funds by manipulating the curve pools as the expected
minOutAmountis 0.Impact
Loss of all funds, that the LP is trying to withdraw.
Code Snippet
https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/spell/CurveSpell.sol#L276-L289
Tool used
Manual Review
Recommendation
Estimate the minOutAmount off-chain when removing all liquidity and pass it in as an argument.