The minTokenOut for PendlePrincipalToken._redeemPT() is specified as zero. The expected approach for integration with external protocols is to let the user specify his slippage tolerance.
Vulnerability Detail
PendlePrincipalToken._redeemPT() will be called by PendlePrincipalToken._initiateWithdrawImpl() and PendlePrincipalToken._executeInstantRedemption() . These calls will originate from BaseStakingVault.initiateWithdraw(), BaseStakingVault.forceWithdraw() and BaseStakingVault._redeemFromNotional(). Therefore, withdrawing/redeeming tokens from BaseStakingVault will be impacted due to the current zero value.
Impact
In adversarial market conditions users might be getting zero tokens when withdrawing/redeeming and lose their funds.
brgltd
Medium
Lack of slippage protection
Summary
The
minTokenOut
forPendlePrincipalToken._redeemPT()
is specified as zero. The expected approach for integration with external protocols is to let the user specify his slippage tolerance.Vulnerability Detail
PendlePrincipalToken._redeemPT()
will be called byPendlePrincipalToken._initiateWithdrawImpl()
andPendlePrincipalToken._executeInstantRedemption()
. These calls will originate fromBaseStakingVault.initiateWithdraw()
,BaseStakingVault.forceWithdraw()
andBaseStakingVault._redeemFromNotional()
. Therefore, withdrawing/redeeming tokens fromBaseStakingVault
will be impacted due to the current zero value.Impact
In adversarial market conditions users might be getting zero tokens when withdrawing/redeeming and lose their funds.
Code Snippet
https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/main/leveraged-vaults-private/contracts/vaults/staking/protocols/PendlePrincipalToken.sol#L137
Tool used
Manual Review
Recommendation
Convert the slippage to be a user input for withdraw/redeem flows.
Duplicate of #70