Sandclock contest - pmerkleplant's results

The Next Generation of Wealth Creation.

General Information

Platform: Code4rena

Start Date: 06/01/2022

Pot Size: $60,000 USDC

Total HM: 20

Participants: 33

Period: 7 days

Judge: LSDan

Total Solo HM: 9

Id: 67

League: ETH


Findings Distribution

Researcher Performance

Rank: 28/33

Findings: 1

Award: $90.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: camden

Also found by: Ruhum, WatchPug, cccz, cmichel, danb, defsec, harleythedog, hyh, kenzo, leastwood, palina, pauliax, pmerkleplant, ye0lde

Labels

bug
duplicate
3 (High Risk)

Awards

90.0579 USDC - $90.06

Handle

pmerkleplant

Vulnerability details

Impact

The functions _swapUnderlyingToUst and _swapUstToUnderlying in NonUSTStrategy.sol are vulnerable to sandwich attacks.

Sandwich attacks leak value from the protocol: an attacker who sees the pending swap can front-run it to move the pool price, let the protocol's swap execute at the worse rate, and back-run to capture the difference.

Proof of Concept

The functions named above trade on Curve through Curve's exchange_underlying function (see lines 78 and 94 of NonUSTStrategy.sol).

exchange_underlying takes a minimum-output argument (min_dy), the smallest amount of tokens the caller is willing to receive. Both calls pass 0, so any output amount is accepted, which opens the door to sandwich attacks.

Always calculate an estimated return and pass it as the minimum amount to receive when trading on Curve.
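The pattern described in this finding, shown as an added example (this is not Sandclock's NonUSTStrategy code and does not come from the original page): a swap that passes min_dy = 0 beside a version that enforces a caller-supplied floor. The ICurvePool interface is an assumed minimal subset of a Curve metapool ABI, and the coin indices, keeper address and 0.5% tolerance are placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration for this finding; not Sandclock's NonUSTStrategy code.
// ICurvePool is an assumed minimal subset of a Curve metapool's ABI.
interface ICurvePool {
    function exchange_underlying(int128 i, int128 j, uint256 dx, uint256 min_dy)
        external
        returns (uint256);

    function get_dy_underlying(int128 i, int128 j, uint256 dx)
        external
        view
        returns (uint256);
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

contract CurveSwapExample {
    uint256 private constant BPS = 10_000;

    ICurvePool public immutable pool;
    IERC20 public immutable underlying;
    int128 public immutable underlyingIndex; // assumed coin index of the underlying
    int128 public immutable ustIndex;        // assumed coin index of UST
    address public immutable keeper;         // assumed trusted caller that supplies the floor

    // Assumed slippage tolerance in basis points (50 = 0.5%), used for off-chain quoting.
    uint256 public maxSlippageBps = 50;

    modifier onlyKeeper() {
        require(msg.sender == keeper, "not keeper");
        _;
    }

    constructor(
        ICurvePool _pool,
        IERC20 _underlying,
        int128 _underlyingIndex,
        int128 _ustIndex,
        address _keeper
    ) {
        pool = _pool;
        underlying = _underlying;
        underlyingIndex = _underlyingIndex;
        ustIndex = _ustIndex;
        keeper = _keeper;
        // One-time approval so the pool can pull the underlying on each swap.
        _underlying.approve(address(_pool), type(uint256).max);
    }

    // VULNERABLE PATTERN (mirrors the finding): min_dy = 0 accepts any output.
    // A searcher who sees this call pending can buy UST first (raising its price
    // in the pool), let this swap execute at the worse rate, then sell back.
    // The protocol ends up holding less UST; the difference is the attacker's profit.
    function swapUnderlyingToUstVulnerable(uint256 amount) external onlyKeeper returns (uint256) {
        return pool.exchange_underlying(underlyingIndex, ustIndex, amount, 0);
    }

    // Off-chain helper: quote the pool BEFORE building the swap transaction and
    // apply the tolerance. Reading this inside the swap transaction itself would
    // already reflect an attacker's front-run, so it is only meaningful off-chain.
    function quoteMinUstOut(uint256 amount) external view returns (uint256) {
        uint256 expected = pool.get_dy_underlying(underlyingIndex, ustIndex, amount);
        return (expected * (BPS - maxSlippageBps)) / BPS;
    }

    // HARDENED PATTERN: the trusted caller passes a floor derived from a
    // pre-submission quote (or a price oracle). The pool reverts if the output
    // falls below it, so a sandwich that pushes the price past the tolerance
    // makes the transaction fail instead of silently leaking value.
    function swapUnderlyingToUst(uint256 amount, uint256 minUstOut)
        external
        onlyKeeper
        returns (uint256)
    {
        require(minUstOut > 0, "minUstOut must be set");
        uint256 received = pool.exchange_underlying(underlyingIndex, ustIndex, amount, minUstOut);
        // Defensive re-check: the pool already enforces min_dy, but a pool whose
        // return value disagreed with what it delivered would be caught here.
        require(received >= minUstOut, "slippage exceeded");
        return received;
    }
}
```

Two points matter in practice. First, the floor has to come from a quote taken before the transaction is built, or from an independent price source: calling get_dy_underlying inside the same transaction returns the pool's already-manipulated price once the attacker's front-run has landed, so it cannot defend against the sandwich on its own. Second, because the floor is caller-supplied, the swap must be restricted to a trusted caller (here the assumed keeper); left permissionless, anyone could invoke it with a minimum of 1 and recreate the original problem.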

#0 - naps62

2022-01-11T18:41:51Z

duplicate of #8

#1 - dmvt

2022-01-27T11:48:51Z

duplicate of #7

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
