Closed sherlock-admin3 closed 1 month ago
Liquidity is added in the same ratio as the current ratio of the reserves, hence slippage protection is unnecessary. For the swap, the require implements slippage protection. Note that, as per the rules: "The dss-flappers (SBE) solution assumes losing several percentages of funds by design during the Uniswap interactions due to slippage, MEV, sudden market movements, sandwich attacks, oracles imprecision and update resolution, etc."
Bauer
High
The protocol lacks slippage protection when executing the
exec()
functionSummary
The protocol lacks slippage protection when executing the
exec()
function, making it vulnerable to sandwich attacks and resulting in potential financial losses.Vulnerability Detail
In the
FlapperUniV2.exec()
function, the protocol first swaps DAI for GEM tokens, then adds liquidity using the remaining DAI and GEM tokens. The issue here is the lack of slippage protection when callingpair.mint()
to add liquidity. This makes the protocol vulnerable to sandwich attacks, potentially leading to losses.From the Uniswap V2 router's
addLiquidity()
function, we see that parametersamountAMin
andamountBMin
are used for slippage protection.However, these parameters are missing in the current implementation. Additionally, when the protocol uses
_getAmountOut()
to calculate the amount of GEM tokens needed for purchase and subsequently adds liquidity, the checkrequire(_buy >= _sell * want / (uint256(pip.read()) * RAY / spotter.par()), "FlapperUniV2/insufficient-buy-amount")
does not effectively provide slippage protection. Since_getAmountOut()
is calculated within the protocol, if the pool has already been manipulated, the computed value may not be accurate.Testing showed a significant discrepancy between the
_buy()
and_sell * want / (uint256(pip.read()) * RAY / spotter.par())
calculations, indicating that this check does not offer adequate slippage protection.FlapperUniV2SwapOnly.exec()
also has the same issue.Impact
The protocol incurs losses.
Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/dss-flappers/src/FlapperUniV2.sol#L141-L164
Tool used
Manual Review The recommended fix is to implement slippage protection to prevent such vulnerabilities.
Recommendation