Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-09-GOODENTRY-MITIGATION-FINDINGS-ISSUES-60
HistorySep 11, 2023 - 12:00 a.m.

Attacker can extract value from pool by sandwiching herself at swapAll during close

2023-09-1100:00:00
Code4rena
github.com
2
vulnerability
swapall
lending pool
sandwiching
close
drain
health factor
collateral
mitigation
amm
oracle
JSON

Lines of code

Vulnerability details

Attacker can drain the lending pool by leveraging two facts:

  1. swapAll allows 1% slippage
  2. There is no Health Factor check after close.

Alice and Bob are good friends, the steps are (in one single tx):

  1. Alice deposits 10000 USDT and borrows 7000$ worth of TR.
  2. Bob buys ETH at AMM to push up the price to oracle + 1%.
  3. Alice close but only repays 1 wei debt. The real intention is to swap from USDT collateral to ETH collateral.
  4. Bob sells ETH at AMM to pull down the price to oracle - 1%.
  5. Alice close but only repays 1 wei debt to swap to USDT collateral.
  6. Repeat
  7. Alice has 0 collateral and Bob gains 10000 USDT by sandwiching.

By continues sandwiching Alice, Bob can extract value from the pool. A simple mitigation is to add a HF check after each swap.

Assessed type

Context

The text was updated successfully, but these errors were encountered:

All reactions

JSON