Short Fleece Nightingale

Medium

Attacker will manipulate transaction order to profit from users

Summary

The lack of slippage protection will cause a financial loss for users as an attacker will manipulate the transaction order to execute sandwich attacks.

Root Cause

In Leverager.sol:openLeveragedPosition the lack of slippage protection allows for front-running and back-running of transactions.

Internal Pre-conditions

User needs to call openLeveragedPosition() to initiate a leveraged position.

External Pre-conditions

Transaction fees need to be low enough for the attacker to execute multiple transactions quickly.

Attack Path

  1. User calls openLeveragedPosition() to open a leveraged position.
  2. Attacker front-runs the user's transaction, manipulating the price.
  3. User's transaction executes at the manipulated price.
  4. Attacker back-runs the user's transaction, reverting the price to profit from the price difference.

Impact

Users lose approximately the difference between the manipulated and actual prices. The attacker gains this difference.

PoC

```solidity
// Assuming a simple price manipulation scenario
function testSandwichAttack() public {
    address user = address(0x1234567890123456789012345678901234567890);
    address attacker = address(0x9876543210987654321098765432109876543210);

    Leverager leverager = new Leverager();

    // Attacker front-runs the user's transaction
    vm.prank(attacker); // vm.prank sets msg.sender for the next call only
    leverager.openLeveragedPosition(LeverageParams({...})); // Manipulate price

    // User's transaction
    vm.prank(user);
    leverager.openLeveragedPosition(LeverageParams({...})); // User's actual transaction

    // Attacker back-runs the user's transaction
    vm.prank(attacker);
    leverager.openLeveragedPosition(LeverageParams({...})); // Revert price to profit
}
```
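
Added example (not from the report or the project's code): a Python model of the ordering in the attack path, showing the user's loss without a minimum-output bound and the revert that a slippage bound produces. It assumes the position is opened through a constant-product pool with a 0.3% fee, which the report does not state; `Pool`, `run`, and all amounts are constructed for illustration.

```python
class SlippageExceeded(Exception):
    """Raised when a swap would return less than the caller's minimum."""


class Pool:
    """Constant-product pool with a 0.3% fee (assumed model, integer math)."""

    def __init__(self, x, y):
        self.r = {"X": x, "Y": y}

    def quote(self, tok_in, amt_in):
        tok_out = "Y" if tok_in == "X" else "X"
        a = amt_in * 997
        return tok_out, a * self.r[tok_out] // (self.r[tok_in] * 1000 + a)

    def swap(self, tok_in, amt_in, min_out=0):
        tok_out, out = self.quote(tok_in, amt_in)
        if out < min_out:  # the bound the finding reports as missing
            raise SlippageExceeded(f"{out} < {min_out}")
        self.r[tok_in] += amt_in
        self.r[tok_out] -= out
        return out


def run(user_in, front_in, slippage_bps=None):
    """Replay front-run, user swap, back-run.

    Returns (user_out, fair_out, attacker_pnl); user_out is None on revert.
    """
    pool = Pool(1_000_000, 1_000_000)  # constructed reserves
    _, fair_out = pool.quote("X", user_in)  # quote the user saw before submitting
    min_out = 0
    if slippage_bps is not None:
        min_out = fair_out * (10_000 - slippage_bps) // 10_000
    bought = pool.swap("X", front_in)  # step 2: front-run moves the price
    try:
        user_out = pool.swap("X", user_in, min_out)  # step 3: user's transaction
    except SlippageExceeded:
        user_out = None  # transaction reverts, user keeps their funds
    got_back = pool.swap("Y", bought)  # step 4: back-run restores the price
    return user_out, fair_out, got_back - front_in


if __name__ == "__main__":
    print("no bound:   ", run(10_000, 100_000))
    print("0.5% bound: ", run(10_000, 100_000, slippage_bps=50))
```

Without a bound the user receives 8167 instead of the quoted 9871; with a 0.5% bound the user's call reverts and the front-runner is left paying pool fees on both legs.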