Increase Liquidity and Decrease Liquidity have incorrect deadline check and lack slippage control
Summary
The LiquidityManager::_increaseLiquidity and LiquidityManager::_decreaseLiquidity functions lack slippage control and have incorrect implementation of the deadline parameter.
Vulnerability Detail
The _increaseLiquidity function increases the liquidity of a position by providing additional tokens and the _decreaseLiquidity decreases the liquidity of a position by removing tokens. Both functions consist of parameters that can control slippage and create a deadline for the transaction. These parameters ensure that the transaction cannot be manipulated through front-running. The parameters are amount0Min, amount1Min, and deadline.
The problem is that amount0Min, amount1Min are always set to 0, which means there is no slippage control, allowing for the possibility of a sandwich attack. In addition, deadline is always set to block.timestamp, which defeats the entire purpose of the deadline, as it is used to compare if it has passed block.timestamp by checking if block.timestamp <= deadline. Since the deadline = block.timestamp in this case, the check will always pass, making it susceptible to MEV attacks.
Impact
Users receiving less value due to manipulation of market from lack of slippage control (amount0Min, amount1Min are always 0) and funds being stolen due to transactions being executed in a way that is far less favorable to the users, due to deadline = block.timestamp.
nevillehuang
commented
8 months ago
crypticdefense
high
Increase Liquidity and Decrease Liquidity have incorrect deadline check and lack slippage control
Summary
The
LiquidityManager::_increaseLiquidityandLiquidityManager::_decreaseLiquidityfunctions lack slippage control and have incorrect implementation of thedeadlineparameter.Vulnerability Detail
The
_increaseLiquidityfunction increases the liquidity of a position by providing additional tokens and the_decreaseLiquiditydecreases the liquidity of a position by removing tokens. Both functions consist of parameters that can control slippage and create a deadline for the transaction. These parameters ensure that the transaction cannot be manipulated through front-running. The parameters areamount0Min,amount1Min, anddeadline.The problem is that
amount0Min,amount1Minare always set to 0, which means there is no slippage control, allowing for the possibility of a sandwich attack. In addition,deadlineis always set toblock.timestamp, which defeats the entire purpose of thedeadline, as it is used to compare if it has passedblock.timestampby checking ifblock.timestamp <= deadline. Since the deadline =block.timestampin this case, the check will always pass, making it susceptible to MEV attacks.Impact
Users receiving less value due to manipulation of market from lack of slippage control (
amount0Min,amount1Minare always 0) and funds being stolen due to transactions being executed in a way that is far less favorable to the users, due todeadline = block.timestamp.Code Snippet
https://github.com/sherlock-audit/2024-02-leverage-contracts/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L348-L423
Tool used
Manual Review
Recommendation
Implement slippage control for
amount0Minandamount1Min. Setdeadlineto a future timestamp.