Closed sherlock-admin2 closed 1 month ago
No, this claim is wrong. In the scope it is clearly described that moving all the funds will happen to a new pool that will be empty; it doesn't matter the rate we take the funds from the prev pool. It will be able to just deposit at the exact same rate between tokens (considering the fixed rate of 24000 between MKR and NGT).
Bauer
High
The protocol lacks slippage protection when removing liquidity
Summary
The protocol lacks slippage protection when removing liquidity, making it vulnerable to sandwich attacks, which can lead to losses.
Vulnerability Detail
The function UniV2PoolMigratorInit.init() is designed to remove all liquidity from a Uniswap V2 pool. The DAI obtained from this liquidity removal is then converted into NST, and MKR is converted into NGT. These tokens are subsequently added as liquidity in a new pool, pairing NST and NGT.
However, the protocol lacks slippage protection during the burn() process, making it vulnerable to sandwich attacks. Malicious users can buy tokens in advance to manipulate the price of one token, causing the amount received from burn() to be less than expected, resulting in a loss for the protocol. The attacker then sells the tokens afterward to profit from the manipulated price.
In the Uniswap V2 router's remove liquidity function, we see that the protocol specifies amountAMin and amountBMin to set the minimum expected amounts to be received.
https://github.com/Uniswap/v2-periphery/blob/master/contracts/UniswapV2Router02.sol
However, in the init() function, these parameters are missing. Although the Maker Governance Contract has 99.97% of the liquidity (https://etherscan.io/token/0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2#balances), the protocol is still susceptible to sandwich attacks. If such an attack occurs, the potential loss could be significant.
Impact
The protocol will incur losses.
Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/univ2-pool-migrator/deploy/UniV2PoolMigratorInit.sol#L41-L73
Tool used
Manual Review
Recommendation
It is recommended to implement slippage protection to mitigate this risk.
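One way the recommended check could look, shown as an added example that is not part of the original submission or of the audited repository: a direct burn() on a Uniswap V2 pair followed by the same minimum-amount checks that the router's remove liquidity function applies with amountAMin and amountBMin. The names GuardedBurn, burnAllWithMin, PairLike, amount0Min and amount1Min are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Minimal subset of the Uniswap V2 pair interface used by this example.
interface PairLike {
    function balanceOf(address owner) external view returns (uint256);
    function transfer(address to, uint256 value) external returns (bool);
    function burn(address to) external returns (uint256 amount0, uint256 amount1);
}

// Hypothetical helper, not code from the audited repository.
library GuardedBurn {
    /// Burns every LP token held by the calling contract and reverts if either
    /// output falls below the floor supplied by the caller.
    /// amount0Min and amount1Min follow the pair's token0/token1 ordering and
    /// must be fixed before execution (for example as constants reviewed with
    /// the change); deriving them from the pair's reserves in the same
    /// transaction would not constrain anything.
    function burnAllWithMin(
        address pair,
        address to,
        uint256 amount0Min,
        uint256 amount1Min
    ) internal returns (uint256 amount0, uint256 amount1) {
        uint256 liquidity = PairLike(pair).balanceOf(address(this));
        require(liquidity > 0, "GuardedBurn/no-liquidity");

        // A V2 pair burns whatever LP balance it holds itself, so the LP
        // tokens are sent to the pair before burn() is called.
        require(PairLike(pair).transfer(pair, liquidity), "GuardedBurn/transfer-failed");
        (amount0, amount1) = PairLike(pair).burn(to);

        // Same post-condition the router enforces with amountAMin/amountBMin.
        require(amount0 >= amount0Min, "GuardedBurn/insufficient-amount0");
        require(amount1 >= amount1Min, "GuardedBurn/insufficient-amount1");
    }
}
```

Because the checks run after burn() in the same call, a shortfall reverts the whole transaction and the LP tokens stay with the original holder.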