No slippage control when withdrawing a position leads to loss of funds #2
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-03
primary issue
Highest quality submission among a set of duplicates
🤖_03_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-10-superposition/blob/7ad51104a8514d46e5c3d756264564426f2927fe/pkg/seawater/src/lib.rs#L749
Vulnerability details
Impact
An attacker can sandwich a user withdrawing funds as there is no way to put slippage protection, which will cause a large loss of funds for the victim.
Proof of Concept
decr_position_09293696
function was removed entirely. Now, the only way for users to withdraw funds is by callingupdate_position_C_7_F_1_F_740
with negative delta.The issue is that in this way, users can't have any slippage protection.
decr_position
allowed users to choose anamount_0_min
andamount_1_min
of funds to receive, which is now zero.This allows an attacker to sandwich their withdrawal to steal a large amount of funds.
Recommended mitigation steps
Consider reintroducing a withdrawal function that offers slippage protection to users (they should be able to choose
amount_0_min, amount_1_min, amount_0_desired
, andamount_1_desired
).The text was updated successfully, but these errors were encountered: