MEV Attack on keeper's StrategyMainnet::claimAndSwap function can force transaction reversions
Summary
The claimAndSwap function in the protocol can be front-run by attackers to manipulate prices and force transaction to revert. This allows malicious actors to prevent keepers from executing core strategy operations, potentially maintaining depeg situations and disrupting protocol operations.
Vulnerability Details
Vulnerable code:
An attacker can monitor the mempool for keeper transactions and front-run them:
Do a swap to move the price
Here is an example attack:
An attacker monitors the mempool for a keeper's transaction.
When he sports a keeper's transaction he front-run it and manipulates the price
Finally the keeper's transaction executes and reverts due to price change
Impact
Keepers cannot execute core strategy operations when needed
Depeg situations could be maintained artificially
Higher costs for keepers due to failed transactions
Potential loss of arbitrage opportunities for the strategy
Could be exploited by competitors to maintain favorable market conditions
Malicious actors could prevent peg restoration to benefit their positions
Protocol loses ability to reliably perform operations during high volatility periods
Tools Used
Manual Review
Recommendations
Use private mempools or Flashbots for keeper transactions to prevent front-running
Add maximum price impact checks to prevent extreme price manipulation
Consider implementing keeper rotation or cooldown periods
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.