shealtielanz
high
https://github.com/USSDofficial/ussd-contracts/blob/f44c726371f3152634bcf0a3e630802e39dec49c/contracts/USSD.sol#L236 More lines Line of Code Lines of Code
the UniV3SwapInput function in the USSD contract sets the amountOutMinimum to zero, which makes it prone to sandwich attacks.
This issue is in the USSD contract at the UniV3SwapInput function.
function UniV3SwapInput(
bytes memory _path,
uint256 _sellAmount
) public override onlyBalancer {
IV3SwapRouter.ExactInputParams memory params = IV3SwapRouter
.ExactInputParams({
path: _path,
recipient: address(this),
//deadline: block.timestamp,
amountIn: _sellAmount,
//@audit the slippage is set to zero, leaving the swap vunerable to sandwich attacks.
amountOutMinimum: 0
});
uniRouter.exactInput(params);
}This function is called by the contracts/USSDRebalancer.sol contract when it wants to perform swaps concerning USSD in order to Rebalance , the issue is the amountOutMinimum is set to zero meaning it can accept to take as much as zero amount of tokens when performing swaps in order to Rebalance, which is bad and when Sandwiched by an attacker, the attacker can increase the price of tokens which will lead to getting little amount of tokens than intended even down to o amount of token(dust amount), and the attacker would then back back run the buyer to sell the other token, gaining almost all the tokens. read this MEV bot sandwich attacks.
This issue is a very common issue as it has happened a lot of times.
To quote philosopher George Santayana, “Those who cannot remember the past are condemned to repeat it.”
Impact ~ High
Likelihood ~ High
Sandwich attacks are very common on the Ethereum mainet.
POC
the rebalancer rebalances ussd by selling the collateral and burning the ussd for peg down recovery, in this case there isn't an issue but for the situation for peg up recovery it buys the collateral and mints more ussd, and the UniV3SwapInput function is the essential function for this mechansim, where the rebalancer was made public for good reasons(to make ussd as Autonomous as possible, and making it resistant to centralization risks) this mechanism allows for manipulation, where a malicious actor can call the rebalancer function and where the contract needs peg up recovery(tries to buy more collateral and mints more ussd) the attacker can sandwich that transaction due to the zero slippage that allows for recieving zero amount of tokens when performing the swap,this causes an inbalance in the system, here the attacker has stolen the DAI intended to be gotten by ussd, although i haven't made proper calculation as to the amount of damage it could cause it done over and over and over again, but i could sure tell that it would not be good for this protocol.
Manual Analysis
A Good solution would be for the developers to set the slippage to a strict amount where the swaps would revert if such an attack is performed on it.