BPool functions missing minimum and maximum token safeguards
EricR opened this issue
Description
Several functions in BPool.sol do not utilize user-provided minimum and/or maximum values for token exchanges and transfers. Such safeguard mechanisms are important to ensure that users end up with an expected number of tokens, which can otherwise fluctuate due to transaction ordering dependence (e.g., a transaction ends up decreasing a price before a user's order gets filled) as well as rounding errors (e.g., see #180 and #103).
Affected functions in BPool.sol include:
joinPool
exitPool
joinswap_ExternAmountIn
joinswap_PoolAmountOut
exitswap_PoolAmountIn
exitswap_ExternAmountOut
Attack Scenario
An attacker exploits transaction ordering dependence by waiting until several favorable transactions are pending, and then "races" in front of them by paying a higher Ethereum transaction fee. As a result, the attacker makes a profit and other users' trades within the same block do not reflect expected values.
Recommendation
All affected functions should be callable with relevant minimum and/or maximum token parameters, so that such calls will only succeed if validations pass.
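The recommendation above, modelled in Python as an added example (not part of the original issue and not the project's code). It assumes a simplified two-token pool with equal weights, no fees and integer math; `max_amounts_in`, `quote_join` and `run` are hypothetical names. The same proportional join costs more of one token when another transaction is ordered ahead of it, and the call reverts once the caller supplies a bound.

```python
class Revert(Exception):
    """Stands in for a failed Solidity require() that rolls the call back."""


class Pool:
    # Simplified model (assumption): two tokens, equal weights, no fees.
    def __init__(self, balances, total_shares):
        self.balances = dict(balances)
        self.total_shares = total_shares

    def quote_join(self, pool_amount_out):
        # Tokens a proportional join costs at current balances, rounded up.
        return {t: -(-b * pool_amount_out // self.total_shares)
                for t, b in self.balances.items()}

    def swap(self, token_in, amount_in, token_out):
        # Constant-product swap; models any transaction ordered before the join.
        b_in, b_out = self.balances[token_in], self.balances[token_out]
        amount_out = b_out * amount_in // (b_in + amount_in)
        self.balances[token_in] += amount_in
        self.balances[token_out] -= amount_out
        return amount_out

    def join_pool(self, pool_amount_out, max_amounts_in=None):
        amounts = self.quote_join(pool_amount_out)
        if max_amounts_in is not None:
            # The safeguard: validate every amount before any state changes.
            for token, amount in amounts.items():
                if amount > max_amounts_in[token]:
                    raise Revert(f"{token}: {amount} > max {max_amounts_in[token]}")
        for token, amount in amounts.items():
            self.balances[token] += amount
        self.total_shares += pool_amount_out
        return amounts


def run(guarded):
    # Constructed sample state: 1,000,000 of each token, 100,000 pool shares.
    pool = Pool({"A": 1_000_000, "B": 1_000_000}, total_shares=100_000)
    quote = pool.quote_join(1_000)                 # what the user saw when signing
    limits = {t: a * 101 // 100 for t, a in quote.items()}  # 1% tolerance
    pool.swap("A", 100_000, "B")                   # another transaction lands first
    try:
        paid = pool.join_pool(1_000, limits if guarded else None)
    except Revert:
        return quote, None                         # user keeps their tokens
    return quote, paid
```
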