5 matches found
Missing slippage/min-return check in NonUSTStrategy
Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
[WP-H2] NonUSTStrategy.sol Improper handling of swap fees allows attacker to steal funds from other users
Handle WatchPug Vulnerability details NonUSTStrategy will swap the deposited non-UST assets into UST before depositing to EthAnchor. However, the swap fee is not attributed to the depositor correctly like many other yield farming vaults involving swaps ZapIn. An attacker can exploit it for the sw...
NonUSTStrategy invested assets can be manipulated
Handle cmichel Vulnerability details The NonUSTStrategy.investedAssets computes the value of the strategy by checking the output of a swap from the UST assets to underlying. This essentially uses Curve's UST/underlying spot price which can be manipulated. function investedAssets external view...
No slippage tolerance set in NonUSTStrategy
Handle palina Vulnerability details Impact The exchange performed in NonUSTStrategy.sol via Curve is executed with "0" as the minimum amount received as the result of the operation, which is likely to be exploited by front-running and may lead to the loss of funds. Proof of Concept...
No slippage control on _swapUstToUnderlying of NonUSTStrategy.sol
Handle cccz Vulnerability details Impact There is no slippage control on swapUstToUnderlying of NonUSTStrategy.sol, which expose strategy to sandwich attack. And since finishRedeemStable lacks access control, anyone can do a sandwich attack by calling the swapUstToUnderlying function. function...