This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
sherlock-admin opened this issue on May 23, 2023 · 0 comments
Labels: Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label), High (A valid High severity issue), Reward (A payout will be made for this issue)
Missing transaction expiration check results in tokens selling at a worse price
TheNaubit
medium
Summary
The swap function used by the rebalancer misses the transaction expiration check, which may lead to the tokens being sold at a price that's lower than the market price at the moment of the swap.
Vulnerability Detail
The transaction expiration check (implemented in Uniswap via the deadline argument) allows users of Uniswap to protect themselves from selling tokens at an outdated price that's lower than the current price. Consider this scenario:
1. Before the transaction is mined, there's a rapid increase in gas cost. The transaction remains in the mempool for some time since the gas price paid by the transaction is lower than the current gas price.
2. While the transaction is in the mempool, the price of the token increases.
3. After a while, gas cost drops and the transaction is mined. The swap is sandwiched by a MEV bot. The bot decreases the price of the token in a Uniswap pool so that the minimum output amount check still holds (well, the current value set by the project is 0, so it would always hold, but even if the protocol sets a better value this will work) and earns a profit from the swap happening at a lower price.
As a result of the sandwich attack, tokens are swapped at an outdated price, which is now lower than the current price of the tokens.
There are similar reports in the past: sherlock-audit/2023-01-derby-judging#323
Impact
Rebalancing can be exploited by a sandwich attack making the protocol receive less yield than expected due to the tokens being sold at an outdated price.
Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L235
Tool used
Manual Review
Recommendation
Consider a reasonable value for the deadline argument. For example, Uniswap sets it to 30 minutes on the Ethereum mainnet and to 5 minutes on L2 networks.
Duplicate of #673
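The following is an added illustration of the two call shapes the finding contrasts; it is not the project's code and is not taken from USSD.sol. It assumes the Uniswap v3 SwapRouter interface (the `ExactInputSingleParams` struct with a `deadline` field); the contract name `RebalancerExample`, the functions `swapUnprotected` / `swapProtected` and the constant `MAX_DEADLINE_WINDOW` are hypothetical names chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of Uniswap v3's ISwapRouter (v3-periphery). Field order matches the real struct;
// the router itself reverts with "Transaction too old" when block.timestamp > deadline.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }

    function exactInputSingle(ExactInputSingleParams calldata params)
        external
        payable
        returns (uint256 amountOut);
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical rebalancer (example code, not the audited contract).
contract RebalancerExample {
    ISwapRouter public immutable router;
    address public immutable owner;

    // Upper bound on how long a built rebalance may sit in the mempool and still execute.
    // 30 minutes mirrors the Uniswap front-end default on mainnet; use less on L2s.
    uint256 public constant MAX_DEADLINE_WINDOW = 30 minutes;

    constructor(ISwapRouter router_) {
        router = router_;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Weak pattern described in the finding: deadline = block.timestamp is evaluated when
    // the transaction is mined, so the router's check can never fail, and amountOutMinimum = 0
    // accepts any output. A swap that waited in the mempool through a price move executes at
    // the stale price and can be sandwiched at no risk to the attacker.
    function swapUnprotected(address tokenIn, address tokenOut, uint24 fee, uint256 amountIn)
        external
        onlyOwner
        returns (uint256 amountOut)
    {
        IERC20(tokenIn).approve(address(router), amountIn);
        amountOut = router.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: tokenIn,
                tokenOut: tokenOut,
                fee: fee,
                recipient: address(this),
                deadline: block.timestamp, // always "now": no expiry at all
                amountIn: amountIn,
                amountOutMinimum: 0,       // accepts any price
                sqrtPriceLimitX96: 0
            })
        );
    }

    // Hardened pattern: the caller fixes an absolute deadline and a minimum output when the
    // transaction is built (from the price it observed, minus tolerated slippage). If the
    // transaction is mined after the deadline, or the pool price has been pushed past the
    // bound (including by a sandwich front-run), the swap reverts instead of filling badly.
    function swapProtected(
        address tokenIn,
        address tokenOut,
        uint24 fee,
        uint256 amountIn,
        uint256 amountOutMinimum,
        uint256 deadline
    ) external onlyOwner returns (uint256 amountOut) {
        require(block.timestamp <= deadline, "swap: transaction expired");
        require(deadline <= block.timestamp + MAX_DEADLINE_WINDOW, "swap: deadline too far ahead");
        require(amountOutMinimum != 0, "swap: missing slippage bound");

        IERC20(tokenIn).approve(address(router), amountIn);
        amountOut = router.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: tokenIn,
                tokenOut: tokenOut,
                fee: fee,
                recipient: address(this),
                deadline: deadline,
                amountIn: amountIn,
                amountOutMinimum: amountOutMinimum,
                sqrtPriceLimitX96: 0
            })
        );
    }
}
```

Both checks are needed together: the deadline bounds how stale the price the caller built the transaction against can be, and `amountOutMinimum` bounds the loss if the pool moves within that window. Note that Uniswap's SwapRouter02 dropped the `deadline` field from `ExactInputSingleParams`; with that router the calling contract has to enforce the expiry itself (or use the router's multicall overload that takes a deadline), which is what the explicit `require` above also does.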