During the audit of the smart contract, a critical vulnerability was identified in the function "sellProfits". The vulnerability is related to the lack of a minimum amount requirement (amountOutMinimum) in the Uniswap v3 swap operation, which exposes the contract to potential front-running attacks. In a front-running attack, malicious actors can manipulate the swap price and profit at the expense of the contract by quickly executing transactions before it in the mempool.
In the function "sellProfits", the contract performs a swap of tokens (_profits) for WETH using Uniswap v3's exactInputSingle function. However, the amountOutMinimum parameter is set to zero, indicating that the contract is willing to accept any amount of WETH received after the swap.
The lack of a minimum amount requirement exposes the contract to front-running attacks. Attackers can observe the contract's transaction in the mempool and quickly execute transactions to manipulate the swap price, resulting in the contract receiving a lower amount of WETH than expected.
If exploited, this vulnerability could lead to financial losses for the contract. Attackers can profit by manipulating the swap price to their advantage, causing the contract to receive a reduced amount of WETH during the swap. This may result in a significant reduction in the contract's funds and could disrupt the intended functionality of the platform. The attacker can drain funds via MEV bot sandwich attacks.
Manual code review
Set a Realistic amountOutMinimum. Define amountOutMinimum with a reasonable value, based on the expected amount of WETH the contract should receive after the swap. A value of at least 95% or 98% of the expected amount may be considered as a minimum.
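One way to apply this recommendation, written as an added example and not the audited contract's code. The contract name, constructor, keeper role and the expectedWethOut and deadline parameters are assumptions; the 98% floor is taken from the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of the Uniswap v3 periphery ISwapRouter interface.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}

interface IERC20 { function approve(address spender, uint256 amount) external returns (bool); }

// Hypothetical contract: names other than sellProfits/_profits are assumptions.
contract ProfitSeller {
    uint256 private constant BPS = 10_000;
    uint256 public constant MIN_OUT_BPS = 9_800; // accept no less than 98% of the quote
    ISwapRouter public immutable router;
    address public immutable profitToken;
    address public immutable weth;
    address public immutable keeper; // trusted caller that supplies the quote
    uint24 public immutable poolFee;

    constructor(ISwapRouter _router, address _profitToken, address _weth, uint24 _poolFee) {
        router = _router; profitToken = _profitToken; weth = _weth; poolFee = _poolFee;
        keeper = msg.sender;
    }

    // expectedWethOut must come from outside this transaction (off-chain quote or
    // TWAP oracle); a spot price read from the pool here is already manipulated.
    function sellProfits(uint256 _profits, uint256 expectedWethOut, uint256 deadline)
        external returns (uint256 amountOut)
    {
        require(msg.sender == keeper, "not keeper"); // an open caller could pass a quote of 1 wei
        require(expectedWethOut > 0, "missing quote");
        uint256 minOut = (expectedWethOut * MIN_OUT_BPS) / BPS;
        require(IERC20(profitToken).approve(address(router), _profits), "approve failed");
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: profitToken, tokenOut: weth, fee: poolFee, recipient: address(this),
            deadline: deadline,          // bounds how long the tx may sit in the mempool
            amountIn: _profits,
            amountOutMinimum: minOut,    // router reverts if less WETH is returned
            sqrtPriceLimitX96: 0
        }));
    }
}
```

If the swap would return less than minOut, the router call reverts and the whole transaction is rolled back, so the contract keeps its tokens. Tokens whose approve does not return a bool need a safe-approve wrapper in place of the plain call.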