Sandwich Attack Vulnerability in GSPFunding.sol::sellShares() Function
Summary
A potential vulnerability to Sandwich Attacks exists in the GSPFunding.sol::sellShares() . This type of attack could lead to financial losses for users by manipulating the market price before and after the victim's transaction.
Vulnerability Detail
The sellShares function allows users to sell their shares in exchange for base and quote tokens. The function's parameters, such as baseMinAmount and quoteMinAmount, are intended to provide slippage protection.
Because baseMinAmount and quoteMinAmount can be an arbitrary value and can be set to 0, the attacker can use it to always guarantee to deliver the minimum that the user expects and take a profit. This manipulation can result in the victim receiving a significantly worse price for their shares than expected.
Impact
The impact of such an attack is significant. It can lead to users receiving less value for their shares than intended.
"We recommend implementing a two-step verification mechanism for transactions. This addition would involve a preliminary check of the transaction against potential price manipulation patterns, followed by the execution of the trade.
pinalikefruit
high
Sandwich Attack Vulnerability in
GSPFunding.sol::sellShares()FunctionSummary
A potential vulnerability to Sandwich Attacks exists in the
GSPFunding.sol::sellShares(). This type of attack could lead to financial losses for users by manipulating the market price before and after the victim's transaction.Vulnerability Detail
The sellShares function allows users to sell their shares in exchange for base and quote tokens. The function's parameters, such as
baseMinAmountandquoteMinAmount, are intended to provide slippage protection.Because
baseMinAmountandquoteMinAmountcan be an arbitrary value and can be set to 0, the attacker can use it to always guarantee to deliver the minimum that the user expects and take a profit. This manipulation can result in the victim receiving a significantly worse price for their shares than expected.Impact
The impact of such an attack is significant. It can lead to users receiving less value for their shares than intended.
Code Snippet
Tool used
Manual Review
Recommendation
"We recommend implementing a two-step verification mechanism for transactions. This addition would involve a preliminary check of the transaction against potential price manipulation patterns, followed by the execution of the trade.
Duplicate of #148