Closed sherlock-admin4 closed 4 months ago
2 comment(s) were left on this issue during the judging contest.
z3s commented:
32
PNS commented:
slippage control is (will be) at the Tranche.issue level and not at the adapter level (following issue #84 in the previous contest)
As a Sherlock judge we have limited resources to rejudge people's issues; these resources are allocated through the escalation mechanism. As your issue wasn't escalated, I'm not able to rejudge it.
These were duplicates of 88, that was escalated and was duplicated with another issue. Hence, all the duplicates of 88 were also duplicated accordingly.
But both this and #32 weren't duplicated with 88 by the lead judge and weren't escalated. This is why these weren't rejudged.
ZanyBonzy
medium
Lack of slippage control during staking in bedrock
Summary
No slippage control when staking for uniETH
Vulnerability Detail
When the prefundedDeposit function is called, the function routes to the _stake function which is used to mint uniETH tokens from bedrock. The function calls the mint function passing in 0 as the minimum amount to mint. Setting the minToMint parameter to zero means that the protocol is willing to accept any and all available amount returned by bedrock, opening the protocol to sandwich attacks and slippage losses. A large ETH stakeAmount could potentially mint a very small amount of uniETH, causing loss of funds.
Impact
Loss of funds, due to unfair mints and slippage losses.
Code Snippet
https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-v1/src/adapters/BaseLSTAdapter.sol#L155
https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-v1/src/adapters/bedrock/UniETHAdapter.sol#L78
https://github.com/sherlock-audit/2024-05-napier-update/blob/c31af59c6399182fd04b40530d79d98632d2bfa7/napier-v1/src/adapters/bedrock/UniETHAdapter.sol#L80
Tool used
Manual Review
Recommendation