Lines of code
Vulnerability details
Impact
The attacker can launch a sandwich/flashloan attack on the updateFunding() function to gain most of the reward.
Proof of Concept
- The attacker observed that some reward is going to be distributed via updateFunding() function.
- The attacker borrowed flashloan and deposited it into the PerpetualAtlanticVaultLP.
- The attacker triggered the updateFunding() function
- Finally, the attacker redeems the assets from PerpetualAtlanticVaultLP and repay the flashloan
Tools Used
vscode
Recommended Mitigation Steps
In the short term, call UpdateFunding() more frequently.
In the long term, considering the staking time in PerpetualAtlanticVaultLP
Assessed type
Other
The text was updated successfully, but these errors were encountered:
All reactions