0xkaden - Unlimited slippage allowed in curve pool swap

[sherlock-admin]

0xkaden

high

Unlimited slippage allowed in curve pool swap

Summary

SdtRewardReceiver._withdrawRewards contains an optional token swap through a curve pool. The min output param is unsafely set, allowing anyone to sandwich the transaction, taking an unlimited amount of slippage, resulting in a loss of rewards for the user.

Vulnerability Detail

The swap in _withdrawRewards simply enforces the min_dy param (minimum amount of output token to receive) as the current result of get_dy() (returns the current output for the given swap). The problem with this logic is that minimum output is retrieved atomically with when the swap is executed, meaning that the slippage it would be enforcing has already occurred.

Consider for example how this may be sandwiched:

• Attacker see transaction in mempool which will swap sdt => cvgSdt
• Attacker frontruns the transaction with a large swap of sdt => cvgSdt
  • Increases the exchange rate of sdt => cvgSdt
• Transaction is processed
  • Min output amount is set as expected amount out at current exchange rate, which was just increased by frontrun tx
• Attacker backruns the transaction, selling all the cvgSdt back to sdt at an inflated price

Since the min output is based on the atomic exchange rate, the attacker can take an unlimited amount of slippage.

Impact

Sandwich bots can take unlimited slippage from reward withdrawals when swapped through curve pool.

Code Snippet

https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Staking/StakeDAO/SdtRewardReceiver.sol#L235

_poolCvgSDT.exchange(0, 1, rewardAmount, _poolCvgSDT.get_dy(0, 1, rewardAmount), receiver);

Tool used

Manual Review

Recommendation

A parameter should be provided to pass the minimum amount out.

Duplicate of #180