Platform: Code4rena
Start Date: 04/01/2022
Pot Size: $75,000 USDC
Total HM: 17
Participants: 33
Period: 7 days
Judge: 0xean
Total Solo HM: 14
Id: 74
League: ETH
Rank: 17/33
Findings: 1
Award: $567.95
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: certora
567.9485 USDC - $567.95
certora
Front-run temporary DoS attack for the following functions: lend, borrow.
Suppose Alice wants to use the lend function (the same goes for borrow), so she needs to adjust x, y, z to the current constant product k (= xyz). Bob (an attacker) detects it and immediately calls mint (x increase = 1, y increase = 0, z increase = 0) with more gas so his call will be executed first (alternatively, Bob can be a miner and save the gas fee). Now the constant product increases and Alice's transactions will revert due to the check in the lend function that the new constant product is >= the current one.
vscode
#0 - Mathepreneur
2022-01-15T22:32:31Z
This issue is handled by proxy contracts that interact with the core contract and do the calculation first before making a call. For example, the Timeswap V1 Convenience does this.
#1 - 0xean
2022-01-25T23:38:07Z
This is essentially the same as slippage in Uniswap and will happen in the normal use of the contracts even in a non-malicious context.
Calls routed through the convenience contract are not affected, but it's worth noting for anyone calling the contracts directly.
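A simplified model of the check discussed in this thread, added here as an illustration and not taken from Timeswap's contracts: it shows why parameters quoted against an earlier state fail the constant-product check after a 1-unit mint, and why recomputing them at execution time, as the comments say the convenience contract does, avoids the revert. The `Pool` class, the function names, the reserve values, the direction of the y and z changes in `lend` and the `min_dz` floor are assumptions.

```python
# Simplified model of the invariant check in the finding; not Timeswap's code.
class InvariantError(Exception):
    """Stands in for the core contract's revert."""

class Pool:
    def __init__(self, x, y, z):
        self.x, self.y, self.z = x, y, z

    def k(self):
        return self.x * self.y * self.z

    def mint(self, dx, dy, dz):
        # Adding liquidity only grows reserves, so k can only increase.
        self.x, self.y, self.z = self.x + dx, self.y + dy, self.z + dz

    def lend(self, dx, dy, dz):
        # Assumed directions: lender adds dx, removes dy and dz.
        nx, ny, nz = self.x + dx, self.y - dy, self.z - dz
        if nx * ny * nz < self.k():
            raise InvariantError("constant product decreased")
        self.x, self.y, self.z = nx, ny, nz

def quote_lend(pool, dx, dy):
    """Largest dz that keeps (x+dx)(y-dy)(z-dz) >= xyz for the state read now."""
    nx, ny = pool.x + dx, pool.y - dy
    min_z = -(-pool.k() // (nx * ny))  # ceiling division
    return pool.z - min_z

def direct_lend(pool, dx, dy, dz):
    """Direct call with values quoted earlier; False models a revert."""
    try:
        pool.lend(dx, dy, dz)
        return True
    except InvariantError:
        return False

def routed_lend(pool, dx, dy, min_dz):
    """Quote against the state at execution time, then enforce the caller's floor."""
    dz = quote_lend(pool, dx, dy)
    if dz < min_dz:
        return False  # outcome worse than the caller accepted
    pool.lend(dx, dy, dz)
    return True

if __name__ == "__main__":
    pool = Pool(1000, 200, 300)           # constructed reserves
    stale_dz = quote_lend(pool, 250, 8)   # quoted before the 1-unit mint
    pool.mint(1, 0, 0)
    print(direct_lend(pool, 250, 8, stale_dz), routed_lend(pool, 250, 8, 49))
```

With these constructed reserves the stale quote is exact (no rounding slack), so even a 1-unit change in x is enough to fail the check; the routed call settles for one unit less of z instead of reverting.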