Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

No Slippage Protection on Vault Withdrawals

ibukunola

Summary

The _withdrawFromVault() function withdraws crvUSD from curveVault with a min_amount of 0, leaving users vulnerable to slippage or sandwich attacks in the Curve pool. This medium-impact, medium-likelihood issue could reduce withdrawal amounts in volatile conditions, eroding user returns and trust.

Vulnerability Details

The function calls curveVault.withdraw() without enforcing a minimum output. Example:

User withdraws 10,000 crvUSD.
Attacker frontruns, shifts pool price down 10%.
User receives 9,000 crvUSD; attacker backruns, profiting 1,000 crvUSD.
The lack of slippage protection exposes users to market manipulation during withdrawals.

Impact

Users may lose a portion of their funds (e.g., 1,000 crvUSD per attack), a medium-impact loss that could accumulate in volatile markets. The medium likelihood stems from Curve pool dynamics, where price swings are plausible, potentially discouraging vault usage.

Tools Used

Testing Frameworks: Foundry to simulate sandwich attacks on withdrawals.

Recommendations

Add a minAmount parameter to _withdrawFromVault():

function _withdrawFromVault(uint256 amount, uint256 minAmount) internal {
curveVault.withdraw(amount, address(this), msg.sender, minAmount, new address[](0));
totalVaultDeposits -= amount;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.