Hardcoded amountAMin and amountBMin in __liquidateUnchecked function will lead to loss of funds.

Summary

The values for amountAMin and amountBMin in __liquidateUnchecked are set to 0; this will lead to loss of funds for users.

Vulnerability Detail

When a user redeems LV with the redeemEarlyLv or redeemExpiredLv functions, which both use the __liquidateUnchecked function, which calls ammRouter.removeLiquidity, both amountAMin and amountBMin are hardcoded to 0. The protocol states that: "amountAMin & amountBMin = 0 for 100% tolerence", but the problem is that calling the function with a lack of slippage protection may cause the user to receive unexpected amounts of tokens. A malicious user can take advantage and front run the transaction, causing severe loss for the user, who may receive a much lower amount or 0 of (raReceived, ctReceived).

Impact

This issue will lead to loss of funds for users, so the impact will be high.
sherlock-admin3 changed the title on Sep 25, 2024:
"Clumsy Caramel Ostrich - Hardcoded amountAMin and amountBMin in __liquidateUnchecked function will lead to loss of funds." to
"0x6a70 - Hardcoded amountAMin and amountBMin in __liquidateUnchecked function will lead to loss of funds."
Author: 0x6a70
Severity: High
Code Snippet

VaultLib.sol::__liquidateUnchecked

Information on the topic and why it should not be set to 0: RareSkills, DefiHacksLabs

Tool used

Manual Review

Recommendation

Allow the user to provide amounts for amountAMin and amountBMin.

Duplicate of #66
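To show the effect of the recommendation, here is an added example (not the project's code and not part of the report) that models a Uniswap-V2-style removeLiquidity in Python: the pool, the pro-rata burn math, the tolerance used to derive the minimums and the sample reserves are all constructed for illustration.

```python
# Added example: why amountAMin/amountBMin = 0 accepts any output, and how minimums
# derived from the quoted amounts with a tolerance reject a worse-than-quoted result.
from dataclasses import dataclass
from typing import Tuple

BPS = 10_000  # basis points denominator


@dataclass
class Pool:
    reserve_a: int
    reserve_b: int
    total_supply: int  # LP token supply


class SlippageExceeded(Exception):
    """Stands in for the router's INSUFFICIENT_A_AMOUNT / INSUFFICIENT_B_AMOUNT revert."""


def expected_amounts(pool: Pool, liquidity: int) -> Tuple[int, int]:
    """Pro-rata share of both reserves for burning `liquidity` LP tokens (V2 burn math)."""
    return (liquidity * pool.reserve_a // pool.total_supply,
            liquidity * pool.reserve_b // pool.total_supply)


def min_amounts(expected: Tuple[int, int], tolerance_bps: int) -> Tuple[int, int]:
    """Lower bounds the caller is willing to accept, e.g. 100 bps = 1% below the quote."""
    a, b = expected
    return (a * (BPS - tolerance_bps) // BPS, b * (BPS - tolerance_bps) // BPS)


def remove_liquidity(pool: Pool, liquidity: int,
                     amount_a_min: int, amount_b_min: int) -> Tuple[int, int]:
    """Router-style removal: output is computed from the reserves at execution time
    and checked against the caller-supplied minimums. With both minimums 0 the
    checks never fire, so any skewed result is accepted."""
    amount_a, amount_b = expected_amounts(pool, liquidity)
    if amount_a < amount_a_min:
        raise SlippageExceeded("INSUFFICIENT_A_AMOUNT")
    if amount_b < amount_b_min:
        raise SlippageExceeded("INSUFFICIENT_B_AMOUNT")
    pool.reserve_a -= amount_a
    pool.reserve_b -= amount_b
    pool.total_supply -= liquidity
    return amount_a, amount_b


# Constructed sample: quote taken on a balanced pool, execution lands on a skewed one.
QUOTED_POOL = Pool(1_000_000, 1_000_000, 1_000_000)
SKEWED_POOL = Pool(1_100_000, 909_091, 1_000_000)  # same product, different ratio
LIQUIDITY = 10_000
```

Calling `remove_liquidity(SKEWED_POOL, LIQUIDITY, 0, 0)` returns the skewed (11000, 9090) without complaint, while minimums from `min_amounts(expected_amounts(QUOTED_POOL, LIQUIDITY), 100)` make the same call raise SlippageExceeded.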