Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Invalid

`compound()` is prone to sandwich attacks

Summary

The function `compound()` is supposed to be called by the keeper to add more liquidity using reward tokens when necessary. When called by the keeper, the amount of tokens received by the caller can be less than it should be if the transaction is sandwiched, greatly reducing the potential liquidity increase and, by extension, the depositors' winnings.

Vulnerability Details

The current issue is that the minimum amount out of the swap is determined on-chain, which makes sandwich attacks possible: an MEV bot could bundle our transaction with two swaps, one before and one after, to affect the amount we receive on the swap, effectively sandwiching the transaction.

This is how the amountOut is calculated in the UniswapSwap contract, in the function `swapExactTokensForTokens`:

```solidity
uint256 _valueIn = sp.amountIn * oracle.consultIn18Decimals(sp.tokenIn) / SAFE_MULTIPLIER;
uint256 _amountOutMinimum = _valueIn
    * SAFE_MULTIPLIER
    / oracle.consultIn18Decimals(sp.tokenOut)
    / (10 ** (18 - IERC20Metadata(sp.tokenOut).decimals()))
    * (10000 - sp.slippage) / 10000;
```

The bot would make profits from the vault's rewards accumulated by the Trove contract, leading to fewer LP tokens after adding liquidity to the GMX pool. Thus, the depositors will not profit from rewards.

Impact

High. If the `compound()` transaction is sandwiched, the profits will be greatly reduced. There is less incentive to use the protocol.

Tools Used

Manual Review

Recommendations

I recommend setting the amountOut as a function parameter that will be used for the swap, to protect against price slippage from MEV bots.
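An added example (not part of the submission or of Steadefi's code): a Python model of the `_amountOutMinimum` expression quoted in the submission, using floor division at each step, which then checks constructed pool quotes against the resulting bound. The prices, amounts, reserves, the 30 bps fee, the constant-product pool model and `SAFE_MULTIPLIER = 1e18` are assumptions made for illustration.

```python
# Added example: integer model of the amountOutMinimum formula quoted above.
# Prices, amounts, reserves and the pool fee are constructed sample values.
SAFE_MULTIPLIER = 10**18  # assumption: 1e18 fixed-point scale


def amount_out_minimum(amount_in, price_in_18, price_out_18, out_decimals, slippage_bps):
    """Mirror the Solidity expression step by step, flooring like the EVM."""
    value_in = amount_in * price_in_18 // SAFE_MULTIPLIER
    return (value_in * SAFE_MULTIPLIER // price_out_18
            // 10 ** (18 - out_decimals)
            * (10000 - slippage_bps) // 10000)


def pool_amount_out(amount_in, reserve_in, reserve_out, fee_bps=30):
    """Constant-product (x*y=k) quote; a simplified stand-in for the real pool."""
    in_after_fee = amount_in * (10000 - fee_bps)
    return in_after_fee * reserve_out // (reserve_in * 10000 + in_after_fee)


def swap_accepted(executed_out, min_out):
    """Minimum-out check: the swap is modelled as reverting when this is False."""
    return executed_out >= min_out


# Constructed scenario: 1000 reward tokens (18 decimals, oracle price 2.00)
# swapped into a 6-decimal token (oracle price 1.00) with 100 bps slippage.
AMOUNT_IN = 1000 * 10**18
MIN_OUT = amount_out_minimum(AMOUNT_IN, 2 * 10**18, 1 * 10**18, 6, 100)

# Two constructed pool states: one priced at the oracle value, one skewed away.
POOLS = {
    "at oracle price": (1_000_000 * 10**18, 2_000_000 * 10**6),
    "skewed": (1_050_000 * 10**18, 1_905_000 * 10**6),
}


def evaluate(pools=POOLS, amount_in=AMOUNT_IN, min_out=MIN_OUT):
    """Return {pool name: (quoted output, accepted?)} for each pool state."""
    results = {}
    for name, (r_in, r_out) in pools.items():
        out = pool_amount_out(amount_in, r_in, r_out)
        results[name] = (out, swap_accepted(out, min_out))
    return results


if __name__ == "__main__":
    print("amountOutMinimum:", MIN_OUT)
    for name, (out, ok) in evaluate().items():
        print(f"{name}: quoted {out}, {'accepted' if ok else 'reverted'}")
```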

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
