Submission Details
Severity: high
Valid

`sellProfits` is prone to MEV sandwich attack

Summary

`sellProfits` is prone to an MEV sandwich attack, so profits can be drained.

Vulnerability Details

The swap through the UniswapV3 router has `amountOutMinimum` set to 0. Because the function is publicly callable by anyone, an attacker can initiate the `sellProfits` transaction themselves and sandwich it to reap the rewards.
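To show what `amountOutMinimum` set to 0 gives up, the following added example (not code from the audited project) models the swap on a simplified constant-product pool rather than UniswapV3's concentrated liquidity. The reserves, fee tier, trade sizes and the helper names are constructed assumptions.

```python
# Added illustration, not project code. Constant-product pool (x * y = k) as a
# simplification of UniswapV3; reserves, fee and trade sizes are constructed.
from dataclasses import dataclass

E18 = 10**18
FEE_BPS = 30  # assumed 0.30% fee tier


class SlippageExceeded(Exception):
    """Stands in for the router reverting when output < amountOutMinimum."""


@dataclass
class Pool:
    token_reserve: int = 1_000_000 * E18  # profit token in the pool
    weth_reserve: int = 1_000 * E18       # WETH in the pool

    def quote(self, token_in: int) -> int:
        """WETH received for token_in at the current reserves, after the fee."""
        net_in = token_in * (10_000 - FEE_BPS) // 10_000
        return self.weth_reserve * net_in // (self.token_reserve + net_in)

    def swap(self, token_in: int, amount_out_minimum: int) -> int:
        """Exact-input swap enforcing amountOutMinimum as the router does."""
        out = self.quote(token_in)
        if out < amount_out_minimum:
            raise SlippageExceeded(f"got {out}, minimum {amount_out_minimum}")
        self.token_reserve += token_in
        self.weth_reserve -= out
        return out


def min_out(reference_quote: int, slippage_bps: int) -> int:
    """Lowest acceptable output for a reference quote and a bps tolerance."""
    return reference_quote * (10_000 - slippage_bps) // 10_000


def sell_after_price_move(profits: int, amount_out_minimum: int) -> int:
    """Sell profits after an earlier trade in the block has moved the price."""
    pool = Pool()
    pool.swap(900_000 * E18, 0)  # constructed price-moving trade ahead of ours
    return pool.swap(profits, amount_out_minimum)


PROFITS = 10_000 * E18
FAIR = Pool().quote(PROFITS)                     # quote before the price moved
UNPROTECTED = sell_after_price_move(PROFITS, 0)  # executes at the moved price
```

With a minimum of 0 the sale goes through at the moved price, while `sell_after_price_move(PROFITS, min_out(FAIR, 100))` raises instead of executing. The bound only protects the swap when it comes from a reference independent of the pool's current spot price; a minimum computed from the same pool inside the transaction moves with the manipulated price.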

Impact

Profits are drained through MEV, leaving 0 WETH from the swap.

Tools Used

Manual Review

Recommendations

  • Make this function authorized and callable only by trusted parties.
