Missing Minimum LP Token Redemption Threshold in `remove_liquidity`
Description
The remove_liquidity instruction includes a check to prevent zero LP token redemption:
However, it does not enforce a minimum LP token amount threshold, which allows users to redeem extremely small (“dust”) amounts of LP tokens.
Impact
-
Dust Exploit Risk: An attacker or bot could repeatedly redeem very small LP token amounts in high-frequency patterns, causing unnecessary computation and potential state bloat.
-
Rounding Errors: Tiny redemptions may result in inconsistent token return amounts due to precision or rounding issues.
-
Gas & Compute Waste: Facilitates low-impact but costly transactions that degrade performance over time.
Recommendation
Enforce a reasonable minimum threshold for LP token redemptions to prevent dust-based abuse. For example:
This ensures redemptions are economically meaningful and avoids unnecessary micro-transactions.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.