search

sherlock-audit / 2024-06-leveraged-vaults-judging

9 stars 8 forks source link

lemonmon - Missing slippage protection in `Ethena:_sellStakedUSDe` #97

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

lemonmon

Medium

Missing slippage protection in Ethena:_sellStakedUSDe

Summary

Slippage protection inside the function Ethena:_sellStakedUSDe may not be done in the case where the borrowToken is DAI.

Vulnerability Detail

The function Ethena:_sellStakedUSDe may execute up to 2 trades by calling _executeTrade() on line 146 and 163 in Ethena.sol.

The trade params for the first trade are missing slippage protection (line 136 Ethena.sol) with the comment that the slippage protection will be done in the 2nd trade, where the minPurchaseAmount is used to protect against slippage (line 157 Ethena.sol).

However, the 2nd trade is only done if borrowToken != address(DAI) (line 151 Ethena.sol). This means that if the borrowToken is DAI, there is no slippage protection applied and the unwrapped daiAmount received from the first trade is assigned to the return value borrowedCurrencyAmount (line 165 Ethena.sol).

Impact

When a victim account exits a vault, an attacker might execute a sandwich attack to manipulate the price, so that the victim will suffer a loss.

Code Snippet

https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/vaults/staking/protocols/Ethena.sol#L124-L167

Tool used

Manual Review

Recommendation

Consider implementing some slippage protection for the case where the borrowToken is DAI.

// Ethena.sol
164        } else {
+ 165          require(minPurchaseAmount >= sDAIAmount);    
166            borrowedCurrencyAmount = daiAmount;
167        }

Duplicate of #18