Lines of code
Vulnerability details
An attacker can drain the lending pool by leveraging two facts:
- swapAll allows 1% slippage
- There is no Health Factor check after close.
Alice and Bob are good friends. The steps (all in one single tx) are:
- Alice deposits 10000 USDT and borrows 7000$ worth of TR.
- Bob buys ETH at AMM to push up the price to oracle + 1%.
- Alice calls close but only repays 1 wei of debt. The real intention is to swap from USDT collateral to ETH collateral.
- Bob sells ETH at AMM to pull down the price to oracle - 1%.
- Alice calls close but only repays 1 wei of debt, to swap back to USDT collateral.
- Repeat
- Alice has 0 collateral and Bob gains 10000 USDT by sandwiching.
By continuously sandwiching Alice, Bob can extract value from the pool. A simple mitigation is to add a HF check after each swap.
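The effect of the suggested HF check can be seen in a simplified accounting model (an added example, not the audited protocol's code). It assumes each swap is filled at the worst price the 1% tolerance allows, values collateral at the oracle price, ignores the 1 wei repayments, and uses a hypothetical liquidation threshold of 0.80, which the report does not state.

```python
# Added illustration: a toy model of the position described in the report.
SLIPPAGE = 0.01        # from the report: swapAll allows 1% slippage
LIQ_THRESHOLD = 0.80   # assumption: the protocol's real threshold is not given


class HealthFactorTooLow(Exception):
    """Raised where a hardened close() would revert."""


def health_factor(collateral_value, debt_value):
    # Conventional definition: risk-adjusted collateral divided by debt.
    return collateral_value * LIQ_THRESHOLD / debt_value


def close_with_swap(collateral_value, debt_value, check_hf):
    """One close() that repays ~0 debt and swaps all collateral at the worst
    price the slippage tolerance accepts. Returns the new collateral value."""
    new_value = collateral_value * (1 - SLIPPAGE)
    if check_hf and health_factor(new_value, debt_value) < 1.0:
        raise HealthFactorTooLow(f"HF {health_factor(new_value, debt_value):.4f} < 1")
    return new_value


def simulate(collateral, debt, max_swaps, check_hf):
    """Repeat the swap until max_swaps or until the HF check reverts.
    Returns (swaps_that_succeeded, final_collateral_value)."""
    swaps = 0
    for _ in range(max_swaps):
        try:
            collateral = close_with_swap(collateral, debt, check_hf)
        except HealthFactorTooLow:
            break
        swaps += 1
    return swaps, collateral


def swaps_until_bad_debt(collateral, debt):
    """Without the check: number of swaps until collateral is worth less than debt."""
    n = 0
    while collateral >= debt:
        collateral = close_with_swap(collateral, debt, check_hf=False)
        n += 1
    return n


if __name__ == "__main__":
    print("no HF check, swaps until bad debt:", swaps_until_bad_debt(10000, 7000))
    print("with HF check (swaps, collateral):", simulate(10000, 7000, 100, True))
```

Under these assumptions the unchecked position becomes bad debt after a few dozen swaps, while the checked version reverts as soon as a swap would take the health factor below 1, so the loss is bounded by the borrower's own safety margin rather than by the pool's funds.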
Assessed type
Context