Skip to content
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

TheNaubit - Missing transaction expiration check result in tokens selling at a worse price #212

Closed
sherlock-admin opened this issue May 23, 2023 · 0 comments
Closed

TheNaubit - Missing transaction expiration check result in tokens selling at a worse price #212

sherlock-admin opened this issue May 23, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented May 23, 2023
edited by github-actions bot
Loading

TheNaubit

medium

Missing transaction expiration check result in tokens selling at a worse price

Summary

The swap function used by the rebalancer misses the transaction expiration check, which may lead to the tokens being sold at a price that's lower than the market price at the moment of the swap.

Vulnerability Detail

Transaction expiration check (implemented in Uniswap via the deadline argument) allows users of Uniswap to protect from selling tokens at an outdated price that's lower than the current price. Consider this scenario:

  • The USSDRebalancer.rebalance function is called on the Ethereum mainnet.
  • Before the transaction is mined, there's a rapid increase of gas cost. The transaction remains in the mempool for some time since the gas cost paid by the transaction is lower than the current gas price.
  • While the transaction is in the mempool, the price of the token increases.
  • After a while, gas cost drops and the transaction is mined. The swapping is sandwiched by a MEV bot. The bot decreases the price of the token in a Uniswap pool so than the minimum output amount check still holds (well, the current value set by the project is 0 so it would work always, but even if the protocol sets a better value it will work) and earns a profit from the swapping happing at a lower price.
    As a result of the sandwich attack, tokens are swapped at an outdated price, which is now lower than the current price of the tokens.

There are similar reports in the past: sherlock-audit/2023-01-derby-judging#323

Impact

Rebalancing can be exploited by a sandwich attack making the protocol receive less yield than expected due to the tokens being sold at an outdated price.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L235

Tool used

Manual Review

Recommendation

Consider a reasonable value to the deadline argument. For example, Uniswap sets it to 30 minutes on the Etehreum mainnet and to 5 minutes on L2 networks.

Duplicate of #673
@github-actions github-actions bot closed this as completed Jun 5, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 5, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin