Platform: Code4rena
Start Date: 21/11/2022
Pot Size: $90,500 USDC
Total HM: 18
Participants: 101
Period: 7 days
Judge: Picodes
Total Solo HM: 4
Id: 183
League: ETH
Rank: 101/101
Findings: 1
Award: $15.93
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: deliriusz
Also found by: 0x52, 0xLad, 0xbepresent, Englave, R2, Ruhum, cccz, gzeon, hihen, keccak123, ladboy233, pashov, pedroais, perseverancesuccess, rbserver, rvierdiiev, simon135, unforgiven, wagmi, xiaoming90
15.9293 USDC - $15.93
An attacker can systematically steal all rewards from the autoPxGMX vault as soon as the contract holds a WETH balance.
The autoPxGMX vault holds pxGMX tokens and auto-compounds the base rewards, which are received in WETH, by swapping them to GMX and depositing the GMX into Pirex to mint more pxGMX.
The compound function can be called by anyone and swaps the contract's entire WETH balance for GMX on Uniswap V3. Its minimum-amount-out parameter is supplied by the caller, so anyone who calls it can set it to any value.
An attacker can systematically steal all WETH rewards from the contract by buying a huge amount of GMX from the pool, calling compound(), and then selling the GMX back for a profit. If compound() is called with a minimum amount out of 1, the contract sells its WETH for GMX at any price.
If the attacker buys almost all of the GMX in the pool and then calls compound(), the contract receives almost no GMX for the WETH it sells. This sandwich attack can be performed systematically and without frontrunning, since anyone can call the compound function: a contract can perform the swap, the compound() call, and the reverse swap in a single transaction. Each time the contract holds some WETH, a malicious actor can drain it, and a bot could wipe out the vault's reward balance every time rewards are received.
Either restrict compound() to the owner, so that a trusted actor sets the minimum amount out, or derive the minimum from a time-weighted average price (TWAP) oracle.
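The following Python simulation is an added illustration, not code from Pirex or from this report. It plays out the three-step sandwich (buy GMX, call compound() with a 1 wei minimum, sell the GMX back) against a simplified WETH/GMX pool, searches for the attacker size that extracts the most, and then applies the second recommended fix, an oracle-derived minimum amount out. Uniswap V3's concentrated liquidity is approximated by a constant-product x*y=k pool with the LP fee taken out of each trade; the reserves, the 0.3% fee tier, the 10 WETH reward balance and the attacker sizes are constructed numbers, and `Pool`, `Vault`, `sandwich`, `twap_minimum` and the other names are hypothetical.

```python
"""Constant-product simulation of the autoPxGMX compound() sandwich.

Added example, not code from Pirex or from the Code4rena report. Uniswap V3 is
approximated by an x*y=k pool whose LP fee leaves the pool on every trade (a
simplification: real V3 liquidity is concentrated per tick range). All numbers
below (reserves, fee tier, reward balance, attacker sizes) are constructed.
"""
from dataclasses import dataclass, replace


class SlippageError(Exception):
    """Stands in for the swap router reverting on amountOutMinimum."""


@dataclass
class Pool:
    """WETH/GMX pool, x*y=k, fee in basis points (0.3% assumed)."""
    weth: float
    gmx: float
    fee_bps: int = 30

    def _after_fee(self, amount_in):
        return amount_in * (10_000 - self.fee_bps) / 10_000

    def swap_weth_for_gmx(self, weth_in, min_gmx_out=0.0):
        weth_eff = self._after_fee(weth_in)
        gmx_out = self.gmx * weth_eff / (self.weth + weth_eff)
        if gmx_out < min_gmx_out:
            raise SlippageError(f"got {gmx_out:.2f} GMX, required {min_gmx_out:.2f}")
        self.weth += weth_eff        # fee leaves the pool (paid to LPs)
        self.gmx -= gmx_out
        return gmx_out

    def swap_gmx_for_weth(self, gmx_in):
        gmx_eff = self._after_fee(gmx_in)
        weth_out = self.weth * gmx_eff / (self.gmx + gmx_eff)
        self.gmx += gmx_eff
        self.weth -= weth_out
        return weth_out

    def spot_price(self):
        """Marginal price in WETH per GMX."""
        return self.weth / self.gmx


@dataclass
class Vault:
    """Stand-in for autoPxGMX: sells its entire WETH reward balance on compound()."""
    weth_rewards: float

    def compound(self, pool, amount_out_minimum):
        # The vulnerable design: the caller, who may be the attacker, chooses
        # amountOutMinimum, and the whole WETH balance is sold against it.
        got = pool.swap_weth_for_gmx(self.weth_rewards, amount_out_minimum)
        self.weth_rewards = 0.0
        return got


def sandwich(pool, vault, attacker_weth, amount_out_minimum=1e-18):
    """Buy GMX, call compound(), sell the GMX back, all in one transaction.
    The default minimum is 1 wei, as in the report. Returns (attacker profit
    in WETH, GMX the vault received). Works on copies; inputs are unchanged."""
    pool, vault = replace(pool), replace(vault)
    gmx_bought = pool.swap_weth_for_gmx(attacker_weth)
    vault_gmx = vault.compound(pool, amount_out_minimum)
    weth_back = pool.swap_gmx_for_weth(gmx_bought)
    return weth_back - attacker_weth, vault_gmx


def best_sandwich(pool, vault, sizes):
    """Try several attacker trade sizes; return (profit, vault_gmx, size) of the best."""
    return max((*sandwich(pool, vault, size), size) for size in sizes)


def sandwich_reverts(pool, vault, attacker_weth, amount_out_minimum):
    """True when the minimum-out check blocks the sandwiched compound()."""
    try:
        sandwich(pool, vault, attacker_weth, amount_out_minimum)
    except SlippageError:
        return True
    return False


def honest_compound(pool, vault, amount_out_minimum):
    """compound() with nobody in front of it: the GMX the vault should get."""
    pool, vault = replace(pool), replace(vault)
    return vault.compound(pool, amount_out_minimum)


def twap_minimum(reference_price, weth_in, max_slippage_bps=200):
    """amountOutMinimum derived from a trusted reference price instead of the
    caller. In the recommended fix the price comes from a TWAP oracle; the
    pre-attack spot price stands in for it here. The tolerance must cover the
    pool fee plus normal price impact, or honest compounds revert too."""
    fair_gmx = weth_in / reference_price
    return fair_gmx * (10_000 - max_slippage_bps) / 10_000


POOL = Pool(weth=1_000.0, gmx=100_000.0)            # constructed: 0.01 WETH/GMX
VAULT = Vault(weth_rewards=10.0)                     # constructed reward balance
FAIR_GMX = VAULT.weth_rewards / POOL.spot_price()    # 1000 GMX at spot

if __name__ == "__main__":
    profit, vault_gmx, size = best_sandwich(POOL, VAULT, range(100, 2001, 100))
    print(f"attacker size {size} WETH: profit {profit:.2f} WETH, "
          f"vault got {vault_gmx:.1f} of a fair {FAIR_GMX:.0f} GMX")
    min_out = twap_minimum(POOL.spot_price(), VAULT.weth_rewards)
    print(f"honest compound with oracle minimum: {honest_compound(POOL, VAULT, min_out):.1f} GMX")
    print("sandwich blocked by oracle minimum:", sandwich_reverts(POOL, VAULT, size, min_out))
```

In this setup the search lands on a front-run of a few hundred WETH rather than on buying almost all the GMX: with a 0.3% fee on both attacker legs, the vault still loses roughly two thirds of its 10 WETH of rewards, of which the attacker nets about 3 WETH and the LPs collect the rest as fees. The attacker's capital can be flash-loaned, since the whole sequence is atomic. With the oracle-derived minimum, the honest compound() still passes while the sandwiched one reverts; the 200 bps tolerance is chosen to absorb the fee and the vault's own price impact and would need tuning for a real pool.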
#0 - c4-judge
2022-12-03T19:23:28Z
Picodes marked the issue as duplicate of #183
#1 - c4-judge
2022-12-30T20:53:41Z
Picodes marked the issue as duplicate of #185
#2 - c4-judge
2023-01-01T11:12:39Z
Picodes marked the issue as satisfactory
#3 - c4-judge
2023-01-01T11:37:22Z
Picodes changed the severity to 2 (Med Risk)
#4 - C4-Staff
2023-01-10T22:10:37Z
JeeberC4 marked the issue as duplicate of #137