minLiquidity does not protect from curve triCryptoPool liquidity sandwiching
Summary
The minLiquidity slippage parameter is effective for stopping liqudiity sandwiching attacks for the Naiper Pool but does not prevent liquidity sandwich attacks on the curve tricryptoPool.
Vulnerability Detail
In NapierRouter.sol, addLiquidity has slippage controlled by the liquidityMin parameter. This only provides slippage protection for the NapierPool liquidity. However, there is also liquidity added to the curve TriCryptoPool. The triCryptoPool liquidity deposit is vulnerable to a sandwhich attack where this sequence of frontrunning steps happens:
attacker manipulates curve pool price
the victim deposits liquidity
attacker swaps back through the newly added liquidity making arbitrage profits through the extra liquidity.
Add a curve slippage parameter to the addLiquidity function and other functions in the router which add liquidity to the curve tricrypto pool.
Alternatively, since the assets in the triCryptoPool should all be close in price, enforce a maximum deviation in AMM derived price and revert if the deviation is above that.
Bandit
high
minLiquidity
does not protect from curve triCryptoPool liquidity sandwichingSummary
The
minLiquidity
slippage parameter is effective for stopping liqudiity sandwiching attacks for the Naiper Pool but does not prevent liquidity sandwich attacks on the curve tricryptoPool.Vulnerability Detail
In
NapierRouter.sol
,addLiquidity
has slippage controlled by theliquidityMin
parameter. This only provides slippage protection for theNapierPool
liquidity. However, there is also liquidity added to the curve TriCryptoPool. The triCryptoPool liquidity deposit is vulnerable to a sandwhich attack where this sequence of frontrunning steps happens:Optional reference for the liquidity sandwiching attack: https://medium.com/@alexanderzaidelson/the-reverse-lp-sandwich-arbitrage-73a081e68f1f
This also applies for other functions that add liquidity to the triCryptoPool.
Impact
Losses to sandwiching due to lack of slippage protection for curve tricrypto liquidity deposits.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierRouter.sol#L461
Tool used
Manual Review
Recommendation
Add a curve slippage parameter to the
addLiquidity
function and other functions in the router which add liquidity to the curve tricrypto pool.Alternatively, since the assets in the triCryptoPool should all be close in price, enforce a maximum deviation in AMM derived price and revert if the deviation is above that.