The minTokenOut for PendlePrincipalToken._redeemPT() is specified as zero. The expected approach for integration with external protocols is to let the user specify his slippage tolerance.
Vulnerability Detail
PendlePrincipalToken._redeemPT() will be called by PendlePrincipalToken._initiateWithdrawImpl() and PendlePrincipalToken._executeInstantRedemption() . These calls will originate from BaseStakingVault.initiateWithdraw(), BaseStakingVault.forceWithdraw() and BaseStakingVault._redeemFromNotional(). Therefore, withdrawing/redeeming tokens from BaseStakingVault will be impacted due to the current zero value.
Impact
In adversarial market conditions users might be getting zero tokens when withdrawing/redeeming and lose their funds.
brgltd
Medium
Lack of slippage protection
Summary
The
minTokenOutforPendlePrincipalToken._redeemPT()is specified as zero. The expected approach for integration with external protocols is to let the user specify his slippage tolerance.Vulnerability Detail
PendlePrincipalToken._redeemPT()will be called byPendlePrincipalToken._initiateWithdrawImpl()andPendlePrincipalToken._executeInstantRedemption(). These calls will originate fromBaseStakingVault.initiateWithdraw(),BaseStakingVault.forceWithdraw()andBaseStakingVault._redeemFromNotional(). Therefore, withdrawing/redeeming tokens fromBaseStakingVaultwill be impacted due to the current zero value.Impact
In adversarial market conditions users might be getting zero tokens when withdrawing/redeeming and lose their funds.
Code Snippet
https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/main/leveraged-vaults-private/contracts/vaults/staking/protocols/PendlePrincipalToken.sol#L137
Tool used
Manual Review
Recommendation
Convert the slippage to be a user input for withdraw/redeem flows.
Duplicate of #70