splitReinvest() can be front run #312
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate: This issue or pull request already exists
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-11-malt/blob/c3a204a2c0f7c653c6c2dda9f4563fd1dc1cecf3/src/contracts/RewardReinvestor.sol#L78-L90
The current implementation of splitReinvest() provides no parameter for slippage control, making it vulnerable to front-run attacks.
POC
splitReinvest();
Recommendation
Consider adding an amountOutMin parameter.
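The effect of the recommended amountOutMin check, modelled in Python as an added example; it is not part of the original report and not the project's code. The constant-product pool with a 0.3% fee, the half-and-half split, and all names and numbers (`Pool`, `min_out`, `scenario`, the reserves) are assumptions made for illustration.

```python
# Constructed model, not Malt's code: a constant-product pool with a 0.3% fee
# (assumed; the page does not name the DEX). All names and numbers are hypothetical.

class SlippageError(Exception):
    """Stands in for an on-chain revert."""

class Pool:
    def __init__(self, reward_reserve, malt_reserve):
        self.reward, self.malt = reward_reserve, malt_reserve

    def quote(self, reward_in):
        # Integer pricing as in Uniswap V2-style pools: x * y = k after the fee.
        fee_adj = reward_in * 997
        return fee_adj * self.malt // (self.reward * 1000 + fee_adj)

    def buy_malt(self, reward_in, amount_out_min=0):
        out = self.quote(reward_in)
        if out < amount_out_min:  # the check the recommendation asks for
            raise SlippageError(f"received {out} < amountOutMin {amount_out_min}")
        self.reward += reward_in
        self.malt -= out
        return out

def min_out(quoted, tolerance_bps):
    """Caller-side floor: the quote seen off-chain minus a tolerance in basis points."""
    return quoted * (10_000 - tolerance_bps) // 10_000

def split_reinvest(pool, reward_balance, amount_out_min=0):
    # Assumed behaviour: half of the reward is swapped for malt before pairing.
    return pool.buy_malt(reward_balance // 2, amount_out_min)

def scenario(amount_out_min):
    """Reinvest 20_000 reward after an earlier same-block trade moved the price."""
    pool = Pool(1_000_000, 1_000_000)
    pool.buy_malt(100_000)  # constructed price-moving trade ordered first
    return split_reinvest(pool, 20_000, amount_out_min)

if __name__ == "__main__":
    quoted = Pool(1_000_000, 1_000_000).quote(10_000)
    floor = min_out(quoted, 50)  # 0.5% tolerance
    print("quoted:", quoted, "floor:", floor)
    print("no amountOutMin ->", scenario(0))
    try:
        scenario(floor)
    except SlippageError as err:
        print("with amountOutMin -> reverted:", err)
```

With `amount_out_min=0` the swap fills at whatever price the pool holds at execution time; with a floor derived from the caller's quote, the same transaction reverts instead of accepting the worse rate.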