sellProfits is prone to MEV sandwich attack --> profits can get drained
The swap via the UniswapV3 router has amountOutMinimum set to 0. Since the function is publicly callable by anyone, an attacker can MEV sandwich attack a sellProfits transaction that the attacker initiates, to reap the rewards.
Profits get MEV drained --> 0 WETH from the swap.
Manual Review
Make this function authorized and callable only by trusted parties.
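
An added illustration, not code from the audited contract: a model of what amountOutMinimum = 0 means for the swap when a large trade is ordered ahead of it, next to the same swap with a bound derived from a prior quote. It assumes a simplified constant-product pool with a 0.3% fee (UniswapV3 itself uses concentrated liquidity); the Pool class, run_scenario and all reserves and amounts are constructed for the example.

```python
# Simplified constant-product pool (x * y = k) with a 0.3% fee. This model is an
# assumption made for illustration; all reserves and amounts are constructed.
WAD = 10**18


class SlippageError(Exception):
    """Stands in for the router reverting when output < amountOutMinimum."""


class Pool:
    def __init__(self, reserve_in, reserve_out, fee_bps=30):
        self.reserve_in = reserve_in      # token being sold (the profits)
        self.reserve_out = reserve_out    # WETH
        self.fee_bps = fee_bps

    def quote(self, amount_in):
        # Output for amount_in at the current reserves, fee taken on the input.
        net_in = amount_in * (10_000 - self.fee_bps)
        return net_in * self.reserve_out // (self.reserve_in * 10_000 + net_in)

    def swap(self, amount_in, amount_out_minimum):
        out = self.quote(amount_in)
        if out < amount_out_minimum:
            raise SlippageError(f"got {out}, wanted at least {amount_out_minimum}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def run_scenario(minimum_from_quote):
    """Return (fair_quote, executed_out); executed_out is None if the swap reverts."""
    pool = Pool(1_000_000 * WAD, 1_000 * WAD)
    profits = 10_000 * WAD
    fair = pool.quote(profits)            # price before the pool is moved
    pool.swap(4_000_000 * WAD, 0)         # large trade ordered ahead of the sale
    try:
        return fair, pool.swap(profits, minimum_from_quote(fair))
    except SlippageError:
        return fair, None                 # reverted: the profits stay unsold


if __name__ == "__main__":
    fair, out = run_scenario(lambda q: 0)                  # amountOutMinimum = 0
    print(f"fair quote {fair / WAD:.3f} WETH, executed {out / WAD:.3f} WETH")
    fair, out = run_scenario(lambda q: q * 99 // 100)      # 1% tolerance
    print("bounded swap reverted" if out is None else f"executed {out / WAD:.3f} WETH")
```

With the minimum at 0 the sale executes at whatever price the pool has been pushed to; with a bound it reverts and the tokens stay in the contract.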