shealtielanz
high
The amount of stablecoins minted and received by a user when minting stablecoins for their collateral, can be decreased to an unlimited extent by manipulating the reserves of the pool leading to the user getting fewer stablecoins than requested
This issue is in the USSD contract at the mintForToken function.
/// Mint specific AMOUNT OF STABLE by giving token
function mintForToken(
address token,
uint256 tokenAmount,
address to
) public returns (uint256 stableCoinAmount) {
require(hasCollateralMint(token), "unsupported token");
IERC20Upgradeable(token).safeTransferFrom(
msg.sender,
address(this),
tokenAmount
);
stableCoinAmount = calculateMint(token, tokenAmount);
_mint(to, stableCoinAmount);
emit Mint(msg.sender, to, token, tokenAmount, stableCoinAmount);
}There is no parameter that allows a user to set the minimum amount of stablecoins they should get after swapping their collateral for stablecoins, and in a situation like this the slippage is set to zero by default meaning the user can get as low as zero amount of stablecoins for any amount of collateral, which will lead to loss of funds.
POC
Here a user sends collateral to the pool and the equivalent amount of stablecoins are minted and to be sent to the user. However, the user can’t specify the minimum amount of stablecoins that they would accept. A frontrunner/MEV can then manipulate the reserves of the pool via FLASHLOANS in order to make the reserves appear more valuable than it really is so the user receives stablecoins that are worth much less than what collateral is worth. This scenario is equivalent to a swap without a slippage limit.
The impact and the likelihood of this attack are High, as it will result in a loss of funds, and the cost of this attack is low.
As it can happen easily and there are a lot of MEV-searchers on the Ethereum main net ready to steal funds`.
Manual Review
Add an argument for the minimum amount of stablecoins to mint for an equivalent collateral to enable the users secure themselves against such attacks.