medium

Liquidators can be front-run to their loss

Reward

Total

902.86 USDC

265.55 USDC
265.55 USDC
Selected
371.76 USDC
Selected Submission

Liquidators can be front-run to their loss

Severity

High Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/d1c5501aa79320ca0aeaa73f47f0dbc88c7b77e2/src/DSCEngine.sol#L229

Summary

DSC liquidators are prone to oracle price manipulations and MEV front-run attacks

Vulnerability Details

Sudden token price changes caused by oracle price manipulations and MEV front-run can cause liquidators to get less than expected collateral tokens.

Impact

Liquidators stand to earn less than expected collateral tokens for deposited DSC

Tools Used

Manual review

Recommendations

Function liquidate should have an input parameter uint256 minimumOutputTokens and the function should revert at Ln 253 if

require(totalCollateralToRedeem >= minimumOutputTokens, "Too little collateral received.");