Users could potentially pay very high gas fees even for simple rigidRedemption #798

Closed
code423n4 opened this issue Jul 3, 2023 · 3 comments
Labels
  • 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
  • bug: Something isn't working
  • low quality report: This report is of especially low quality
  • unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards

Comments

@code423n4 (Contributor)

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L110-L114
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L125-L134
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L157-L163
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L192-L205
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/configuration/LybraConfigurator.sol#L289-L308

Vulnerability details

When users do LybraPeUSDVaultBase::rigidRedemption (or liquidation or burn), _repay is called. It will buy some amount of collateral for PEUSD. Then it will call configurator.distributeRewards.

distributeRewards will:

  • check PEUSD balance, and if it's greater (or equal) than 1000, it will send it to lybraProtocolRewardsPool
  • check EUSD balance, and if it's greater than 1000, it will potentially exchange it to some other stablecoin, on Curve pool

Exchanging on a Curve pool may be a very costly operation in terms of gas, so if it executes, the user will have to pay a high fee for it, although the operation has nothing to do with them.
It won't happen by itself, since LybraEUSDVaultBase doesn't call configurator.distributeRewards, and if configurator.distributeRewards is called from LybraPeUSDVaultBase, the EUSD balance of the configurator will not increase.
However, it is possible to perform a griefing attack: when some user sees that EUSD.balanceOf(configurator) is close to 1000, say 998, that user may simply transfer 2 + \epsilon dollars to the configurator, so that if configurator.distributeRewards is called from LybraPeUSDVaultBase, the user who performs the rigid redemption, for example, will be forced to execute a (possibly very expensive in terms of gas) Curve swap.

Impact

It is a loss of assets for the user - although the protocol gets a small amount of dollars, such a "poisoned" transaction may cost a user even several dozen dollars.
It is also conditional, because EUSD.balanceOf(configurator) has to be close to 1000 (if an attacker is willing to spend up to $10 for such an attack, there is a 1% chance he will be able to do it at any moment - this way, the attacker could spend considerably less than his victim, although he will have to pay for this attack).
Since it leads to a loss of assets and is conditional, the finding is submitted as Medium.

Proof of Concept

  1. Assume that gas fees went high for some reason (happens often on Ethereum, so it's likely to happen at some point).
  2. Alice would like to exchange her 1000 PEUSD for WBETH, but swaps on Uniswap cost over $100, and no liquidations are possible in LybraWbETHVault. So she finds some redemption provider and decides to buy some of his WBETH at the market price.
  3. There are 999 EUSD in the configurator and Bob, who hates the Lybra protocol, sends 1 + \epsilon EUSD to the configurator so that the next person who calls distributeRewards will have to pay a lot for the transaction.
  4. The EUSD market price is strong enough (so 1 EUSD >= 1.005 USDC, assuming USDC is stableToken).
  5. Additionally, premiumTradingEnabled = true.
  6. Alice calls LybraWbETHVault::rigidRedemption in order to swap her EUSD, but instead of paying $100, she expects to pay considerably less, say $20.
  7. At the end of rigidRedemption, distributeRewards will be called and since EUSD.balanceOf(configurator) > 1000, if(!premiumTradingEnabled || price <= 1005000) will be evaluated and will evaluate to false, hence the Curve swap will be performed.
  8. The entire operation may cost a lot of money and may become more expensive for Alice than if she had just done a Uniswap swap.
  9. Of course, it wasn't free for Bob either to perform the attack, but EUSD.transfer() for 1 EUSD is far cheaper than the Curve swap that Alice was forced to execute.

Tools Used

VS Code

Recommended Mitigation Steps

Do one of the following:

  • just acknowledge the issue and accept the risk
  • introduce an additional parameter to distributeRewards, which will tell whether PEUSD or EUSD should be handled there, and call distributeRewards with a different parameter value from LybraPeUSDVaultBase and LybraEUSDVaultBase
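The second mitigation above, as an added sketch that is not part of the report or of the Lybra code base: a caller-supplied RewardSource tells distributeRewards which balance to handle, so the EUSD branch (and its Curve swap) is reachable only when LybraEUSDVaultBase asks for it. The interface names, the 1e18 threshold scaling, the pool indices, the slippage bound and the price feed are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}
interface ICurvePool { // standard Curve StableSwap signature
    function exchange(int128 i, int128 j, uint256 dx, uint256 min_dy) external returns (uint256);
}
interface IPriceFeed { function eusdPrice() external view returns (uint256); } // assumed, 1e6-scaled

/// Hypothetical sketch of the report's second mitigation; not Lybra's code.
/// Names beyond distributeRewards, premiumTradingEnabled and lybraProtocolRewardsPool,
/// the 1e18 threshold scaling, the pool indices and the oracle are assumptions.
contract ConfiguratorSketch {
    enum RewardSource { PeUSD, EUSD }

    IERC20 public immutable peUSD;
    IERC20 public immutable EUSD;
    ICurvePool public immutable curvePool;
    IPriceFeed public immutable priceFeed;
    address public immutable lybraProtocolRewardsPool;
    bool public premiumTradingEnabled; // toggled by governance (setter omitted)
    uint256 public constant THRESHOLD = 1000e18; // the report's "1000", 18-decimal scaling assumed

    constructor(IERC20 p, IERC20 e, ICurvePool c, IPriceFeed f, address pool) {
        peUSD = p; EUSD = e; curvePool = c; priceFeed = f; lybraProtocolRewardsPool = pool;
    }
    /// Each vault base names the token it actually accrues fees in. A call from
    /// LybraPeUSDVaultBase therefore never enters the EUSD branch, so EUSD that a third
    /// party sends here can no longer force a PeUSD redeemer to pay for a Curve swap.
    function distributeRewards(RewardSource source) external {
        if (source == RewardSource.PeUSD) {
            uint256 bal = peUSD.balanceOf(address(this));
            if (bal >= THRESHOLD) peUSD.transfer(lybraProtocolRewardsPool, bal);
            return;
        }
        uint256 ebal = EUSD.balanceOf(address(this));
        if (ebal <= THRESHOLD) return;
        // Same shape as the check quoted in the report: swap only when premium trading
        // is enabled and EUSD trades above 1.005 (price is 1e6-scaled).
        if (!premiumTradingEnabled || priceFeed.eusdPrice() <= 1005000) {
            EUSD.transfer(lybraProtocolRewardsPool, ebal);
        } else {
            // Assumes this contract has approved curvePool for EUSD; min_dy is an assumed 0.5% bound.
            curvePool.exchange(0, 1, ebal, ebal * 995 / 1000);
        }
    }
}
```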

Assessed type

Other

@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jul 3, 2023
code423n4 added a commit that referenced this issue Jul 3, 2023
JeffCX commented Jul 10, 2023

It is expected that distributeReward uses gas fees.

JeffCX marked the issue as low quality report

@c4-pre-sort c4-pre-sort added the low quality report This report is of especially low quality label Jul 10, 2023
0xean marked the issue as unsatisfactory:
Insufficient quality

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Jul 25, 2023