The Standard

Summary

A user will not be able to swap the exact amount of the collateral to a different token safely. Swapping the exact amount of collateral will result in a value of 0 for the amountOutMinimum, this exposes the user to 100% slippage and can cause the loss of funds through slippage manipulation by attackers.

Vulnerability Details

This occurs due to the function calculateMinimumAmountOut() which has this following line of code:

This essentially sets the amountOutMinimum as 0 if the collateralValueMinusSwapValue is equals to the requiredCollatoralValue.

Impact

This causes the user to be subject to a slippage manipulation attack, which will result in a lower amount of tokens being returned, which will essentially result in the user being liquidated and losing all of their funds.

Proof of Concept

1. The attacker sees the collateral swap transaction from a vault smart contract in the mempool.

2. The attacker front runs the transaction by swapping a significant amount of collateral tokens for a supported token to be swapped for.

3. The price of the supported token to be swapped for increases considerably.

4. The vault swaps the collateral token for the supported token to be swapped at a higher price.

5. The vault now receives lesser/much fewer supported token to what they should have received.

6. The attacker now does the opposite transaction, swapping the supported tokens for the collateral tokens and also taking a profit from it.

Tools Used

Manual Review

Recommendations

To solve this issue, the protocol should still calculate the amountOutMinimum of the swap that will be executed with an oracle and no slippage. This ensures that the user will get the closest possible return from the swap and be protected from liquidations.