Submission Details
Severity: high
Valid

sellProfits open for large slippage from sandwich attack

Summary

In Fees.sol, the sellProfits function applies no minimum output amount to its swap, leaving it open to large slippage from a sandwich attack.

Vulnerability Details

The sellProfits function sets amountOutMinimum to 0, so any amount returned by the swap is accepted as valid. This leaves the transaction exposed to unbounded slippage and, in particular, to sandwich attacks.

An attacker can exploit this by monitoring the mempool for calls to sellProfits. They can then sandwich the call, moving the pool price before it executes and restoring it afterwards, so that the swap fills at an unfavorable price. The difference is lost by the protocol and captured by the attacker.

File: Fees.sol

    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });

        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }

Impact

The swap can be filled at an undesirable price, and the protocol loses the difference in assets.

Tools Used

Manual analysis

Recommendations

The protocol needs to accept a slippage parameter or a minimum expected output amount, and pass it as amountOutMinimum, so that the amount of WETH received is in line with what is expected.
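One way to apply the recommendation, written here as an added example rather than the project's own code: sellProfits takes a caller-supplied minimum output and forwards it as amountOutMinimum. Because the original function is callable by anyone, a caller could simply pass 0, so the example also restricts the caller to a hypothetical keeper address; the keeper is assumed to compute _minOut off-chain from a fresh quote minus its accepted slippage tolerance. The router approval is assumed to be handled here rather than elsewhere.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract FeesHardened {
    address public immutable WETH;
    address public immutable staking;
    ISwapRouter public immutable swapRouter;
    // Hypothetical: the only address allowed to trigger a sale, so the
    // minimum-output check cannot be bypassed by an arbitrary caller.
    address public immutable keeper;

    constructor(address _weth, address _staking, ISwapRouter _router, address _keeper) {
        WETH = _weth;
        staking = _staking;
        swapRouter = _router;
        keeper = _keeper;
    }

    // _minOut: minimum WETH the caller is willing to accept for the whole
    // balance, derived off-chain from a recent quote minus a slippage tolerance.
    function sellProfits(address _profits, uint256 _minOut) external {
        require(msg.sender == keeper, "not keeper");
        require(_profits != WETH, "not allowed");
        require(_minOut > 0, "minOut required"); // a zero bound re-introduces the bug

        uint256 amount = IERC20(_profits).balanceOf(address(this));
        require(amount > 0, "nothing to sell");
        IERC20(_profits).approve(address(swapRouter), amount);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: _minOut, // router reverts if the fill is worse than this
                sqrtPriceLimitX96: 0
            });

        uint256 received = swapRouter.exactInputSingle(params);
        require(received >= _minOut, "insufficient output"); // defensive re-check
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```

A sandwiched execution now reverts at the router instead of filling at the manipulated price, so the attacker's front-run position is left unprofitable and the protocol's tokens stay in the contract for a later attempt.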
