Skip to content

Latest commit

 

History

History
66 lines (33 loc) · 2.61 KB

020.md

File metadata and controls

66 lines (33 loc) · 2.61 KB

Curly Eggplant Bee

High

Front-Running Due to Static Slippage Tolerance

Summary

The static slippage tolerance calculation in addLiquidityV2 will cause financial loss for liquidity providers as MEV bots or attacker will front-run transactions to manipulate token prices and exploit slippage.

Root Cause

In addLiquidityV2 (code link), the slippage calculation (_pTKNLPTokens * (1000 - _slippage)) / 1000 uses a static user-provided value. This allows MEV bots or even attackers to manipulate the token price during the transaction’s pending state.

Internal Pre-conditions

  1. Liquidity providers must set a slippage tolerance (_slippage) that allows exploitable price ranges (example >1%).
  2. The protocol’s paired LP token (e.g., IDX/ETH) must have sufficient liquidity for price manipulation to be profitable.

External Pre-conditions

MEV bots or an attackers must monitor the mempool for pending addLPAndStake transactions.

Attack Path

  1. User calls addLPAndStake with _slippage = 100 (10% tolerance).

  2. MEV bot or an attacker detects the transaction in the mempool and front-runs it by buying the paired LP token (e.g., IDX), inflating its price.

  3. User’s transaction executes at the manipulated price, resulting in fewer LP tokens minted than expected.

  4. MEV bot sells the token back at the inflated price, profiting from the price difference.

Impact

  1. Liquidity providers suffer an approximate loss of X% (based on slippage exploited).
  2. MEV bots or attackers gain the arbitrage profit extracted from the manipulated price.

PoC

Alice wants to add liquidity to the index fund with 100 IDX tokens and 1 ETH (current price: 1 ETH = 100 IDX).

She calls addLPAndStake with _slippage = 100 (10% tolerance), allowing the transaction to execute even if the price moves by up to 10%.

Bob detects Alice’s transaction in the mempool.

He front-runs it by buying 50 IDX tokens on the DEX, pushing the price to 1 ETH = 90 IDX (a 10% price increase).

Alice’s liquidity is added at the manipulated rate: 1 ETH = 90 IDX (within her 10% slippage tolerance).

She receives LP tokens based on the inflated price, effectively getting 10% fewer LP tokens than expected.

Bob’s Profit:

Bob sells the 50 IDX tokens back at the inflated price, netting a profit of ~5.55 ETH (arbitrage from the price difference).

Alice loses 10% of her expected LP tokens due to price manipulation.

Bob extracts value from Alice’s transaction, incentivizing further attacks.

Mitigation

No response