sherlock-admin2
commented
11 months ago 1 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
There is a slippage at the end of the function
Closed sherlock-admin closed 11 months ago
sherlock-admin2
commented
11 months ago 1 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
There is a slippage at the end of the function
jah
high
no slippage lead to loss of fund
Summary
there is no slippage check when swapping the sale token into holdtoken which can lead to loss of fund
Vulnerability Detail which
in liquidityBorrowigManager line 742 - 761 will try to swap sale token into the holdtoken when swapping the slippage arguments are zero which means there is no check for slippage which will open a door for mev and and mev searcher can do a sandwich attack every time the borrow function first the searcher will listen to a memepool for the borrow function to be called then it will frontrun the trx and buy big amount of hold token due to that the price will go up then when the borrow function swap the sell token into the hold token he will reveice small amount of holdtoken and will pump more the holdtoken then the mev searcher will sell the holdtoken again which he will gain a profit
Impact
loss of fund
Code Snippet
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L882
Tool used
Manual Review
Recommendation
add a slippage