Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Fees.sol, `sellProfits()` is vulnerable to Sandwich attack amountOutMinimum and sqrtPriceLimitX96 are set as 0

LaScaloneta

Summary

The "sellProfits" function within the Fees.sol contract has potential vulnerability to a sandwich attack. This occurs because the function is public, and the parameters "amountOutMinimum" and "sqrtPriceLimitX96" are statically set to zero.

Vulnerability Details

A sandwich attack, or front running attack, happens when an attacker is able to manipulate the price of the token being sold in a trade by making a transaction with a higher gas price to get it processed before the original transaction, and then selling off the tokens after the price has been increased by the original transaction.

In the provided contract, "sellProfits" function, which is public, uses the Uniswap router to perform a swap of tokens. The parameter "amountOutMinimum" is set to 0, which means there are no restrictions on the minimum amount of tokens the function should return. This allows an attacker to perform a front-running attack, where they would create a transaction with a higher gas fee that would get processed before this one, buying up the token and increasing the price, before selling off their tokens once this transaction has processed, making a profit.

Additionally, "sqrtPriceLimitX96" is also set to 0, which means there is no price limit for the token, further enabling the possibility of a sandwich attack.

Impact

An attacker can leverage this vulnerability to manipulate token prices, leading to potential losses for the contract users and destabilizing the token market.

Tools Used

The vulnerability was discovered by manual inspection of the contract code.

Recommendations

Change the access level of the "sellProfits" function to "internal" or "private" to prevent direct public interaction, or ensure that it can only be called by an admin role.
Add "amountOutMinimum" and "sqrtPriceLimitX96" as parameters to the "sellProfits" function. This will enable the contract owner to set a minimum limit for the swap and a price limit, which will reduce the risk of a sandwich attack.
Include some kind of slippage protection mechanism to prevent massive price impact trades.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!