search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

SBSecurity - UNIT LP holders can sandwich leverage traders closing their positions and avoid price impact. #266

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 8 months ago

SBSecurity

high

UNIT LP holders can sandwich leverage traders closing their positions and avoid price impact.

Summary

Liquidity providers can avoid price impact by sandwiching both announce and execute functions from leverage traders to close their positions.

They can write script which does everything for them and avoid the price impact to be bear by the other users.

Vulnerability Detail

The problem is that a large liquidity provider can build a script to front run and then backrun announceLeverageClose(), and also execute the trader close request as keeper.

  1. Front run announceLeverageClose() with announceStableWithdraw()
  2. Back run announceLeverageClose() with _executeStableWithdraw()
  3. Execute _executeLeverageClose() as a keeper
  4. Then deposit again

Impact

LP can avoid paying the trader when he is on profit.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/DelayedOrder.sol#L317-L368

Tool used

Manual Review

Recommendation

It's hard to give a proper recommendation, maybe lock LPs tokens when there will be a long position close.

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 7 months ago

Invalid, front-running/back-running is not possible on base, given they use a private mempool see discussions here and comments here