I found a vulnerability of SmartVault contract!!!
Summary
I can mint you tokens(ex:EUROs) with almost zero collateral tokens.
Vulnerability Details
There is "swap" function for swaping collateral tokens in SmartVault contract. There's no problem if vault owner swaps collateral tokens before he mints EUROs. But what if he swaps collateral tokens after minting EUROs? In "swap" function "amountOutMinimum" is set to 0. So sandwitch attack is available.
Step 1: Hacker deposits collateral tokens(ARB tokens) into SmartVault.
Step 2: Hacker mints EUROs.
Step 3: Hacker swaps a lot of ARB tokens to WETH tokens in Uniswap v3.
Step 4: Hacker calls "swap" function of SmartVault, ARB tokens in SmartVault will be swapped to almost zero WETH tokens because of very high slippage.
Step 5: Hacker swaps WETH to ARB in Uniswap v3.
Impact
Finally hacker gets almost all ARB tokens deposited in SmartVault, so he can mint EUROs with almost zero collateral tokens(WETH).
Tools Used
Recommendations
Lead Judging Commences
informational/invalid
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.