Large Champagne Terrier
Medium
Missing slippage check in DaoCollateral.sol#redeemDao()
will cause loss of funds for admin as an attacker will manipulate price.
- In
DaoCollateral.sol#redeemDao()
there is no slippage check: the caller cannot specify a minimum amount of collateral to receive.
No response
No response
- The attacker sandwiches the admin's transaction, manipulating the price and causing a loss of funds.
The admin suffers a loss of funds because the attacker manipulates the price by sandwiching the admin's transaction.
No response
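DaoCollateral.sol#redeemDao() should be modified
as follows, so that the caller supplies a minimum output and the call reverts when the returned collateral is below it.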
- function redeemDao(address rwaToken, uint256 amount) external nonReentrant {
+ function redeemDao(address rwaToken, uint256 amount, uint256 minAmountOut) external nonReentrant {
// Amount can't be 0
if (amount == 0) {
revert AmountIsZero();
}
_requireOnlyAdmin();
// check that rwaToken is a RWA token
if (!_daoCollateralStorageV0().tokenMapping.isUsd0Collateral(rwaToken)) {
revert InvalidToken();
}
uint256 returnedCollateral = _burnStableTokenAndTransferCollateral(rwaToken, amount, 0);
+ if (returnedCollateral < minAmountOut) {
+ revert AmountTooLow();
+ }
emit Redeem(msg.sender, rwaToken, amount, returnedCollateral, 0);
}
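Review bot: The new `minAmountOut` parameter on `redeemDao` is undocumented, and the added check gives no protection when the caller passes 0, which reproduces the old behaviour. I would add NatSpec such as `/// @param minAmountOut Minimum collateral to receive, in the same units as returnedCollateral; reverts with AmountTooLow if less is returned`, and have the admin tooling derive the value from the expected price rather than defaulting to 0. The `AmountTooLow` error is not declared anywhere in this hunk, so confirm it exists among the contract's error definitions. The signature change presumably also requires updating the matching interface declaration and any existing callers.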