Submission Details
Severity: medium
Valid

ABSENCE OF SLIPPAGE PROTECTION CAUSES DEPOSIT DISCREPANCIES

Summary

The depositIntoVault function lacks slippage protection, which can result in differences between the expected and actual amounts deposited.

Vulnerability Details

The function deposits staked ETH into the WETH Steak vault without accounting for potential slippage. As a result, the actual WETH amount received may differ from the anticipated amount, leading to inconsistencies in the number of shares allocated to the user.

Impact

Without slippage protection, the system is vulnerable to front-running or sandwich attacks. Malicious entities could exploit this weakness to manipulate the deposit process, causing users to receive fewer shares than anticipated and potentially compromising the fairness of the deposit system.

Tools Used

Manual Code Review

Recommendations

Implement slippage protection mechanisms or verify the deposited amount against the actual received amount to ensure consistency and equity in share allocation.
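One way to apply this recommendation, as an added sketch that is not the audited contract's code: the caller supplies a minimum share count and the deposit reverts if the ERC4626 vault mints fewer. The contract name, `minSharesOut`, `quoteMinShares`, the error, and the use of `msg.value` in place of the protocol's staked-ETH accounting are all assumptions; only `depositIntoVault` and the WETH/ERC4626 vault come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces: only standard ERC-20 / WETH9 / ERC-4626 calls used below.
interface IWETH {
    function deposit() external payable;
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IERC4626 {
    function deposit(uint256 assets, address receiver) external returns (uint256 shares);
    function previewDeposit(uint256 assets) external view returns (uint256 shares);
}

/// Hypothetical depositor used for illustration; not the audited contract.
contract GuardedVaultDepositor {
    uint256 private constant BPS = 10_000;

    IWETH public immutable weth;
    IERC4626 public immutable vault;

    error SlippageExceeded(uint256 sharesReceived, uint256 minSharesOut);

    constructor(IWETH _weth, IERC4626 _vault) {
        weth = _weth;
        vault = _vault;
    }

    /// Read-only quote for clients: expected shares minus a tolerance in basis points.
    /// Call this off-chain before sending the transaction. Computing the bound inside
    /// the deposit transaction would only reflect the already-changed share price.
    function quoteMinShares(uint256 assets, uint256 toleranceBps) external view returns (uint256) {
        require(toleranceBps <= BPS, "tolerance > 100%");
        return (vault.previewDeposit(assets) * (BPS - toleranceBps)) / BPS;
    }

    /// Wraps the sent ETH, deposits it, and enforces the caller's lower bound on shares.
    /// Assumption: ETH arrives as msg.value; the real protocol tracks staked ETH instead.
    function depositIntoVault(uint256 minSharesOut) external payable returns (uint256 shares) {
        weth.deposit{value: msg.value}();
        weth.approve(address(vault), msg.value);

        // ERC-4626 deposit returns the shares actually minted to the receiver.
        shares = vault.deposit(msg.value, msg.sender);
        if (shares < minSharesOut) revert SlippageExceeded(shares, minSharesOut);
    }
}
```

A revert rolls back the WETH wrap and the vault deposit together, so a caller whose bound is not met gets their ETH back minus gas.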

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of slippage check while depositing into ERC4626 WETH vault
