We set amount0Min and amount1Min to zero for the example - but this would be a vulnerability in production. A function calling mint with no slippage protection would be vulnerable to a frontrunning attack designed to execute the mint call at an inaccurate price.
Same issue happens when removes liquidity from the main and alternative positions:
If the user's transaction suffers from frontrunning, a much smaller amount of position can be minted. When an MEV bot frontruns the removal of liquidity, much smaller amounts of amount0Min and amount1Min are released.
Naresh
medium
AddLiquidity and RemoveLiquidity missing slippage protection
Summary
Functions
_mintPosition()
and_removeLiquidity()
missing slippage protection.Vulnerability Detail
When addling liquidity to the main and alternative positions, function
_mintPosition()
sets the amount0Min and amount1Min to 0.As Uniswap V3 docs highlight: https://docs.uniswap.org/contracts/v3/guides/providing-liquidity/mint-a-position#calling-mint
We set amount0Min and amount1Min to zero for the example - but this would be a vulnerability in production. A function calling mint with no slippage protection would be vulnerable to a frontrunning attack designed to execute the mint call at an inaccurate price.
Same issue happens when removes liquidity from the main and alternative positions:
The
amount0Min
andamount1Min
are set to 0.Impact
If the user's transaction suffers from frontrunning, a much smaller amount of position can be minted. When an MEV bot frontruns the removal of liquidity, much smaller amounts of amount0Min and amount1Min are released.
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L314-L315
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L352-L353
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L375-L376
Tool used
Manual Review
Recommendation
Recommend do not hardcode slippage protection parameter
amount0Min
andamount1Min
to 0 when increase liquidity or decrease liquidity.Duplicate of #8