SfrxEth slippage and fee stealing

Code4rena, 2023-03-asymmetry findings, issue 1108
Mar 30, 2023

Tags: mev bot, sandwich attack, slippage vulnerability, mempool transaction, lp-tokens

Lines of code

Vulnerability details

Impact

The SfrxEth derivative contract computes the minimum acceptable output of its Curve swap from the pool's current price at execution time (ethPerDerivative() reads the pool when the transaction runs), not from the price the user saw when submitting the transaction to the mempool. In withdraw(), the contract then exchanges its frxETH balance (coin index 1) for ETH (coin index 0) on the frxETH/ETH Curve pool with that runtime-derived minOut:

// minOut is derived from ethPerDerivative(), i.e. from the pool price at execution time,
// scaled down by maxSlippage (1e16 = 1%)
uint256 minOut = (((ethPerDerivative(_amount) * _amount) / 10 ** 18) *
    (10 ** 18 - maxSlippage)) / 10 ** 18;

// sell the contract's frxETH (coin 1) for ETH (coin 0); reverts only if output < minOut
IFrxEthEthPool(FRX_ETH_CRV_POOL_ADDRESS).exchange(
    1,
    0,
    frxEthBalance,
    minOut
);

<https://github.com/code-423n4/2023-03-asymmetry/blob/44b5cd94ebedc187a08884a7f685e950e987261c/contracts/SafEth/derivatives/SfrxEth.sol#L73-L82>

A MEV bot can therefore sandwich a SafEth.unstake() transaction: it front-runs with a trade that moves the pool price against the user before SfrxEth.withdraw() executes, lets the withdraw go through at the manipulated price (the runtime minOut is derived from that same manipulated price, so the exchange does not revert), and back-runs to collect the difference, paying only the pool's swap fees. The maxSlippage of 1% set in initialize() bounds only the withdraw's own price impact relative to the price at execution, so it does not cap what the sandwich can take from the user's sfrxETH withdrawal:

function initialize(address _owner) external initializer {
    _transferOwnership(_owner);
    maxSlippage = (1 * 10 ** 16); // 1%
}

<https://github.com/code-423n4/2023-03-asymmetry/blob/44b5cd94ebedc187a08884a7f685e950e987261c/contracts/SafEth/derivatives/SfrxEth.sol#L36-L39>

Note that the slippage bound is applied relative not to the price at which the user sent the transaction, but to the price at the moment the MEV bot chooses to include the bundle, i.e. after its own front-running trade.

Tools Used

x

Recommended Mitigation Steps

Slippage should be bounded by the user before the SafEth.unstake() transaction enters the mempool: compute the expected output off-chain and pass minOut as an argument to unstake(), using it as the minimum output of the Curve exchange instead of deriving the bound from the pool price at execution time.
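To make the two paths concrete, the following simulation (an added example written for this page, not code from the Asymmetry Finance contracts or from Curve) runs a sandwich bundle against a withdraw that derives minOut from the execution-time price, as SfrxEth.withdraw() does, and then against the mitigation above, where the user computes minOut before submitting. Assumptions: the Curve frxETH/ETH pool is replaced by a constant-product AMM with a constructed 0.04% fee (Curve's StableSwap invariant differs, but the sandwich mechanics do not depend on it), sfrxETH is treated as 1:1 with frxETH so ethPerDerivative() collapses to the pool's spot price, and the reserves and trade sizes are constructed. The names Pool, sandwich and SlippageExceeded are this example's own.

```python
"""Sandwich simulation for a runtime-derived minOut versus a user-supplied one.

Added example, not code from the Asymmetry Finance repository. The pool is a
constant-product AMM with a constructed 0.04% fee standing in for the Curve
frxETH/ETH pool (assumption). sfrxETH is treated as 1:1 with frxETH, so the
contract's ethPerDerivative() collapses to the pool's spot price (assumption).
All amounts are 18-decimal integers (WAD), as in the contract.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

WAD = 10 ** 18
MAX_SLIPPAGE = 10 ** 16  # 1%, the value set in SfrxEth.initialize()


class SlippageExceeded(Exception):
    """Stand-in for the Curve exchange() revert when output < min_dy."""


def min_out_from_price(price_eth_per_frx: int, amount: int,
                       max_slippage: int = MAX_SLIPPAGE) -> int:
    """Same arithmetic as the contract's minOut line; the caller supplies the price."""
    return ((price_eth_per_frx * amount // WAD) * (WAD - max_slippage)) // WAD


@dataclass
class Pool:
    frx: int            # frxETH reserve (Curve coin index 1)
    eth: int            # ETH reserve (Curve coin index 0)
    fee_bps: int = 4    # constructed 0.04% swap fee

    def price(self) -> int:
        """Spot price in ETH per frxETH, WAD-scaled, as read at execution time."""
        return self.eth * WAD // self.frx

    def _out(self, reserve_in: int, reserve_out: int, dx: int) -> int:
        dx_net = dx * (10_000 - self.fee_bps) // 10_000
        return reserve_out * dx_net // (reserve_in + dx_net)

    def sell_frx(self, dx: int, min_out: int = 0) -> int:
        """exchange(1, 0, dx, min_out): frxETH in, ETH out."""
        dy = self._out(self.frx, self.eth, dx)
        if dy < min_out:
            raise SlippageExceeded(f"got {dy}, wanted at least {min_out}")
        self.frx += dx
        self.eth -= dy
        return dy

    def sell_eth(self, dy: int, min_out: int = 0) -> int:
        """exchange(0, 1, dy, min_out): ETH in, frxETH out."""
        dx = self._out(self.eth, self.frx, dy)
        if dx < min_out:
            raise SlippageExceeded(f"got {dx}, wanted at least {min_out}")
        self.eth += dy
        self.frx -= dx
        return dx


def withdraw_as_in_contract(pool: Pool, amount: int) -> int:
    """Vulnerable pattern: minOut derived from the pool price at execution time."""
    min_out = min_out_from_price(pool.price(), amount)
    return pool.sell_frx(amount, min_out)


def withdraw_with_user_min_out(pool: Pool, amount: int, min_out: int) -> int:
    """Mitigated pattern: minOut computed by the user before the tx hits the mempool."""
    return pool.sell_frx(amount, min_out)


def sandwich(pool: Pool, victim_amount: int, bot_amount: int,
             victim_min_out: Optional[int] = None) -> Tuple[Optional[int], int]:
    """Bundle: bot sells frxETH, victim withdraws, bot buys its frxETH back.

    Returns (ETH the victim received, or None if the withdraw reverted,
             bot profit in frxETH after the round trip, negative if it lost).
    """
    eth_from_frontrun = pool.sell_frx(bot_amount)            # push the frxETH price down
    try:
        if victim_min_out is None:
            received = withdraw_as_in_contract(pool, victim_amount)
        else:
            received = withdraw_with_user_min_out(pool, victim_amount, victim_min_out)
    except SlippageExceeded:
        received = None                                       # victim tx reverts; bot still pays fees
    frx_back = pool.sell_eth(eth_from_frontrun)               # back-run at the depressed price
    return received, frx_back - bot_amount


if __name__ == "__main__":
    amount = 100 * WAD
    # the user quotes minOut against the pre-submission price (constructed reserves, 1:1)
    fair_min_out = min_out_from_price(Pool(100_000 * WAD, 100_000 * WAD).price(), amount)
    for label, user_min in (("runtime minOut", None), ("user minOut", fair_min_out)):
        pool = Pool(frx=100_000 * WAD, eth=100_000 * WAD)
        got, profit = sandwich(pool, amount, 5_000 * WAD, user_min)
        outcome = "reverted" if got is None else f"received {got / WAD:.2f} ETH"
        print(f"{label:15s}: victim {outcome}, bot profit {profit / WAD:+.2f} frxETH")
```

With the runtime-derived bound the victim's withdraw passes its own 1% check yet receives well under the 99 ETH a pre-submission quote would have demanded, and the bot's round trip is profitable; with the user-supplied minOut the same bundle reverts the withdraw and the bot is left paying two swap fees for nothing.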

