Asymmetry contest - n1punp's results

A protocol to help diversify and decentralize liquid staking derivatives.

General Information

Platform: Code4rena

Start Date: 24/03/2023

Pot Size: $49,200 USDC

Total HM: 20

Participants: 246

Period: 6 days

Judge: Picodes

Total Solo HM: 1

Id: 226

League: ETH

Asymmetry Finance

Findings Distribution

Researcher Performance

Rank: 242/246

Findings: 1

Award: $0.14

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/SfrxEth.sol#L74-L82

Vulnerability details

Impact

Stakers can lose all ETH upon unstaking (on the portion that comes from the Frax pool), since the slippage control is incorrectly handled (calculated from spot price).

Proof of Concept

The withdraw function in the SfrxEth contract is vulnerable to a sandwich attack. The pool price is calculated from the spot price of the Curve pool, which can easily be manipulated. The minOut variable is also calculated from the manipulatable pool price. So, the potential attack vector is (steps 1, 2, & 4 are sandwiched around a normal user's transaction):

  1. Attacker flashloans ETH out -> deposits to Frax to obtain SfrxETH -> dumps SfrxETH token price
  2. Attacker provides enough liquidity (just enough liquidity is needed to make sure the price doesn't move too much upon swapping)
  3. Normal user executes unstake, which then triggers withdraw from SfrxETH -> ETH. But since the SfrxETH price is dumped, the obtained ETH is very minimal. The slippage control also easily passes: since the attacker added sufficiently deep liquidity, the price won't move much, so the slippage control check will pass -> this allows the attacker to obtain SfrxETH using minimal ETH
  4. Attacker unwinds and repays debt (potentially swapping in other pools, e.g. a Balancer pool, or just holding onto the tokens, since the value will go back to near peg value, so there's minimal risk).

Tools Used

  • Don't use spot prices. Instead, it's recommended to use an oracle service, e.g. Chainlink (can contact them to build a custom price feed), or use TWAP prices instead.
  • Make the unstake function also accept another slippage control that is computed off-chain. So, it'll be something like:

```solidity
  ...
  require(ethAmountToWithdraw >= _minEthWithdrawAmt, 'too few eth');
}
```
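The failure mode described in this finding, as an added example that is not part of the original submission or the Asymmetry code: a toy constant-product pool (an assumption; the real pool is a Curve pool) with constructed reserve states and an assumed 1% `MAX_SLIPPAGE`. It shows that a minimum derived from the pool's own spot price still passes on skewed reserves, while a caller-supplied minimum reverts.

```python
from dataclasses import dataclass

MAX_SLIPPAGE = 0.01  # assumed 1% tolerance, not taken from the contract


@dataclass
class Pool:
    """Toy constant-product pool; the real frxETH/ETH pool is a Curve pool."""
    eth: float
    frx: float

    def spot_price(self) -> float:
        return self.eth / self.frx  # ETH per frxETH, read from current reserves

    def swap_frx_for_eth(self, frx_in: float, min_out: float) -> float:
        out = self.eth * frx_in / (self.frx + frx_in)
        if out < min_out:
            raise ValueError("too few eth")  # models a revert: no state change
        self.frx += frx_in
        self.eth -= out
        return out


def withdraw_spot_min(pool: Pool, frx_amount: float) -> float:
    """Pattern from the finding: minOut derived from the pool's own spot price."""
    min_out = pool.spot_price() * frx_amount * (1 - MAX_SLIPPAGE)
    return pool.swap_frx_for_eth(frx_amount, min_out)


def withdraw_caller_min(pool: Pool, frx_amount: float, min_eth: float) -> float:
    """Suggested mitigation: also enforce a minimum the caller computed off-chain."""
    spot_min = pool.spot_price() * frx_amount * (1 - MAX_SLIPPAGE)
    return pool.swap_frx_for_eth(frx_amount, max(spot_min, min_eth))


def demo() -> dict:
    results = {  # both reserve states are constructed sample values
        "balanced": withdraw_spot_min(Pool(10_000, 10_000), 10),
        "skewed_spot_min": withdraw_spot_min(Pool(1_000, 100_000), 10),
    }
    try:
        withdraw_caller_min(Pool(1_000, 100_000), 10, min_eth=9.9)
        results["skewed_caller_min"] = "filled"
    except ValueError:
        results["skewed_caller_min"] = "reverted"
    return results

if __name__ == "__main__":
    print(demo())
```

On the skewed pool the spot-derived check accepts roughly 0.1 ETH for 10 frxETH because the reference price and the execution price come from the same reserves; only the externally supplied bound reflects what the caller actually expects to receive.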

#0 - c4-pre-sort

2023-04-04T18:46:46Z

0xSorryNotSorry marked the issue as duplicate of #698

#1 - c4-judge

2023-04-21T15:31:04Z

Picodes marked the issue as satisfactory

#2 - c4-judge

2023-04-22T09:24:41Z

Picodes marked the issue as duplicate of #1125
