Abhan1041 - Lack of slippage protection leads to loss of protocol funds #66
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A High severity issue.
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
Comments
github-actions bot added the Has Duplicates and High labels on Sep 14, 2024
This was referenced Sep 14, 2024
Yes, this is a valid issue, we've already fixed this prior to our trading competition except for the
sherlock-admin3 added the Sponsor Confirmed and Will Fix labels on Sep 23, 2024
sherlock-admin3 changed the title from "Acidic Flaxen Donkey - Lack of slippage protection leads to loss of protocol funds" to "Abhan1041 - Lack of slippage protection leads to loss of protocol funds" on Sep 25, 2024
#75 is a duplicate of this one!
The protocol team fixed this issue in the following PRs/commits:
Abhan1041
High
Lack of slippage protection leads to loss of protocol funds
Summary
There is no slippage protection while removing liquidity and swapping tokens from the AMM.
Vulnerability Detail
There are 2 instances where slippage protection is missing, which are as below:
1. In the vaultLib::redeemEarly function, the _liquidateLpPartial function is called, and in that _redeemCtDsAndSellExcessCt is called. In the _redeemCtDsAndSellExcessCt function, CT tokens are swapped for RA tokens in the AMM as below:
As stated above, the swapExactTokensForTokens function's 2nd parameter is 0, which shows that there is no slippage protection for this swap, and also the deadline is block.timestamp.
2. In the vaultLib::_liquidateLpPartial function, __liquidateUnchecked is called, in which liquidity is removed from the AMM of the RA-CT token pair by burning the protocol's LP tokens as below:
As stated above, the removeLiquidity function's 4th & 5th parameters are 0, which shows that there is no slippage protection for this swap, and also the deadline is block.timestamp.
In such cases, an attacker can frontrun the transaction by seeing it in the mempool and manipulate the price such that the protocol's transaction has to bear heavy slippage, which will lead to loss of protocol funds.
Also, block.timestamp is used as the deadline, so a malicious node can temporarily prevent the transaction from executing and then execute it when there is high slippage, which will also lead to loss of protocol funds.
Impact
Loss of protocol funds which will reduce the yield of users.
Code Snippet
https://github.com/sherlock-audit/2024-08-cork-protocol/blob/db23bf67e45781b00ee6de5f6f23e621af16bd7e/Depeg-swap/contracts/libraries/VaultLib.sol#L282
https://github.com/sherlock-audit/2024-08-cork-protocol/blob/db23bf67e45781b00ee6de5f6f23e621af16bd7e/Depeg-swap/contracts/libraries/VaultLib.sol#L345
Tool used
Manual Review
Recommendation
The protocol should implement slippage protection and set a deadline both while removing liquidity and while swapping from the AMM.
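The recommendation above, sketched as an added Solidity example (not Cork Protocol's code and not the fix the team shipped). It assumes a Uniswap V2-style router, which matches the parameter positions cited in the report; `IRouter`, `GuardedAmmCalls`, `_sellCtForRa`, `_removeLp` and `ZeroMinimum` are hypothetical names.

```solidity
pragma solidity ^0.8.20;

// Added example, not Cork Protocol code. Assumes a Uniswap V2-style router,
// whose parameter order matches the positions cited in the report.
interface IRouter {
    function swapExactTokensForTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path,
        address to, uint256 deadline
    ) external returns (uint256[] memory amounts);

    function removeLiquidity(
        address tokenA, address tokenB, uint256 liquidity,
        uint256 amountAMin, uint256 amountBMin, address to, uint256 deadline
    ) external returns (uint256 amountA, uint256 amountB);
}

// Hypothetical mixin; the inheriting vault keeps its own access control.
// Router allowances for CT and LP tokens are assumed to be in place.
abstract contract GuardedAmmCalls {
    IRouter internal immutable router;
    address internal immutable ra;
    address internal immutable ct;
    error ZeroMinimum();

    constructor(IRouter router_, address ra_, address ct_) {
        router = router_;
        ra = ra_;
        ct = ct_;
    }

    // minRaOut and deadline are chosen by the caller before submission,
    // not derived from pool reserves or block.timestamp inside this call.
    function _sellCtForRa(uint256 ctIn, uint256 minRaOut, uint256 deadline)
        internal returns (uint256 raOut)
    {
        if (minRaOut == 0) revert ZeroMinimum(); // 0 would disable the check
        address[] memory path = new address[](2);
        (path[0], path[1]) = (ct, ra);
        uint256[] memory amounts = router.swapExactTokensForTokens(
            ctIn, minRaOut, path, address(this), deadline);
        raOut = amounts[1];
    }

    function _removeLp(uint256 lpAmount, uint256 minRa, uint256 minCt, uint256 deadline)
        internal returns (uint256 raOut, uint256 ctOut)
    {
        if (minRa == 0 || minCt == 0) revert ZeroMinimum();
        (raOut, ctOut) = router.removeLiquidity(
            ra, ct, lpAmount, minRa, minCt, address(this), deadline);
    }
}
```

The router reverts when the received amounts fall below the supplied minimums or when the supplied deadline has passed, so a manipulated price or a delayed inclusion fails the transaction instead of executing at a loss.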