Sandwich attack can affect base-to-base swap fee
Description
Normally, sandwich attacks on swaps through the WooPPV2 pool are mitigated by the minimum output amount checks, such that even if a sandwich attack occurs, the user is still left with an amount of tokens that they are happy with.
This means that, assuming normal operation, for every swap, the fee charged (which is always denominated in the quote token) should always be a reasonable amount of real value, since if it was not, the user would be left with an amount of output that they would be unhappy with, which would have violated the minimum output requirement.
However, this assumption fails for _swapBaseToBase. When a base-to-base swap occurs, the first base is first swapped for the quote token, then the fee is charged as a percentage of the intermediary quote amount, and finally the quote amount is swapped for the second base. The amount of quote tokens received in the middle is not a quantity that the caller cares about, and it is not checked; only the output amount of the base 2 token is checked.
Impact
If a large base-to-base swap exists, an attacker or the caller can sandwich this swap to artificially increase or decrease the amount of quote tokens paid as fees from the reserve to the fee recipient.
For example, let us say A and B are base tokens and the quote token is Q. In the mempool, there is a large swap from A to B. If the swap occurred normally, 10 Q tokens would be charged as swap fees, corresponding to a fixed percentage feeRate of the value.
However, if an attacker sandwiches this swap to temporarily and artificially increase the prices of both A and B by the same factor during the transaction, then the quoteAmount in the middle of the swap will be increased, so more than 10 Q tokens will be paid to the fee recipient. Since the prices are increased by the same factor, the swapper still gets the same amount of tokens back (the same value minus the fixed percentage), but now more quote tokens have been transferred from the reserve to the fee recipient.
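The accounting above in a simplified model, added here as an example and not taken from the WooPPV2 code. It assumes linear pricing with no spread or slippage terms; the function names, prices and amounts are constructed so that the honest fee is the 10 Q from the example.

```python
from fractions import Fraction

def swap_base_to_base(price_a, price_b, fee_rate, amount_a, min_b_out):
    """Simplified A -> Q -> B swap; returns (b_out, fee_in_quote).

    Assumption: linear pricing, no spread or slippage terms, so only the
    fee accounting described in the finding is modelled.
    """
    quote_amount = amount_a * price_a        # leg 1: A sold for quote token Q
    fee = quote_amount * fee_rate            # fee charged on the intermediate Q amount
    b_out = (quote_amount - fee) / price_b   # leg 2: remaining Q buys B
    # Only the final base-2 output is checked; quote_amount and fee are not.
    if b_out < min_b_out:
        raise ValueError("output below minimum")
    return b_out, fee

# Constructed sample values: 1 A = 2 Q, 1 B = 4 Q, fee rate 0.1%.
PRICE_A, PRICE_B = Fraction(2), Fraction(4)
FEE_RATE = Fraction(1, 1000)
AMOUNT_A = Fraction(5000)

def fee_vs_price_factor(factors):
    """Run the same swap with both prices scaled by each factor k."""
    honest_out, _ = swap_base_to_base(PRICE_A, PRICE_B, FEE_RATE, AMOUNT_A, 0)
    rows = []
    for k in factors:
        # min_b_out is the honest output, i.e. zero slippage tolerance.
        b_out, fee = swap_base_to_base(
            PRICE_A * k, PRICE_B * k, FEE_RATE, AMOUNT_A, honest_out)
        rows.append((k, b_out, fee))
    return rows

if __name__ == "__main__":
    for k, b_out, fee in fee_vs_price_factor([Fraction(1), Fraction(3, 2), Fraction(3)]):
        print(f"factor={float(k):.2f}  B out={float(b_out)}  fee={float(fee)} Q")
```

Even with zero slippage tolerance the minimum output check passes for every factor, because the output is unchanged while the fee scales with the factor.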
Recommendations
There is not really a way to remediate this issue, because the price of the quote token should fluctuate according to intra-block transactions, and as long as the fee is denominated in the quote token, there is no way to independently calculate the correct amount of fee to charge for a base-to-base swap if prices are not trusted.
However, note that mitigating Finding ref also mitigates this issue, because if large transactions always increase the spread, it becomes prohibitively expensive to temporarily change any prices significantly. If a sandwich attack waits for a price update before finishing, so that the spread goes back down to normal, then that adds in the risk that other arbitrageurs step in and take the capital used in the attack.
Remediation
This issue has been acknowledged by WOOFI, and a fix was implemented in commit 8b086a35.