No slippage upon withdrawing from `LendingAssetVault` will result in a loss for the withdrawer

Summary

No slippage upon withdrawing from LendingAssetVault will result in a loss for the withdrawer

Root Cause

Upon withdrawing from LendingAssetVault, we have this code:

    function withdraw(uint256 _assets, address _receiver, address _owner) external override returns (uint256 _shares) {
        _updateInterestAndMdInAllVaults(address(0));
        _shares = convertToShares(_assets);
        _withdraw(_shares, _assets, _owner, _msgSender(), _receiver);
    }

As seen, there is no slippage which will cause a user to receive less than expected in a certain case.

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

User wants to withdraw his 100 shares and expects to receive 100 assets in return
While his transaction is in the mempool, there is a bad debt liquidation in the underlying pair (FraxlendPair)
Instead of receiving 100 assets, he only receives 50 as the share value went down due to step 2

Impact

Users receive less than expected

PoC

No response

Mitigation

Allow users to provide the minimum amount of assets they are willing to receive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

081.md

081.md

No slippage upon withdrawing from `LendingAssetVault` will result in a loss for the withdrawer

Summary

Root Cause

Internal Pre-conditions

External Pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

081.md

Latest commit

History

081.md

File metadata and controls

No slippage upon withdrawing from LendingAssetVault will result in a loss for the withdrawer

Summary

Root Cause

Internal Pre-conditions

External Pre-conditions

Attack Path

Impact

PoC

Mitigation

No slippage upon withdrawing from `LendingAssetVault` will result in a loss for the withdrawer