Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-08-DOPEX-FINDINGS-ISSUES-2192
HistorySep 06, 2023 - 12:00 a.m.

Flashloan/Sandwich Attacks on UpdateFunding()

2023-09-0600:00:00
Code4rena
github.com
6
flashloan attack
sandwich attack
updatefunding
perpetualatlanticvaultlp
reward
vscode
mitigation
staking time

7.2 High

AI Score

Confidence

Low

JSON

Lines of code

Vulnerability details

Impact

The attacker can launch a sandwich/flashloan attack on the updateFunding() function to gain most of the reward.

Proof of Concept

  1. The attacker observed that some reward is going to be distributed via updateFunding() function.
  2. The attacker borrowed flashloan and deposited it into the PerpetualAtlanticVaultLP.
  3. The attacker triggered the updateFunding() function
  4. Finally, the attacker redeems the assets from PerpetualAtlanticVaultLP and repay the flashloan

Tools Used

vscode

Recommended Mitigation Steps

In the short term, call UpdateFunding() more frequently.
In the long term, considering the staking time in PerpetualAtlanticVaultLP

Assessed type

Other

The text was updated successfully, but these errors were encountered:

All reactions

7.2 High

AI Score

Confidence

Low

JSON