🌊 Slippage Checks

Scenario: MEV Front-Running Exploit During Withdrawals

  • Description: A user is withdrawing assets from an ERC4626 vault, which involves converting underlying assets back into the user's desired token (e.g., converting LP tokens into ETH). An MEV bot sees this pending transaction in the mempool and front-runs the user by executing a transaction that manipulates the price on the DEX where the swap is taking place.

  • Impact: The MEV bot manipulates the price or slippage, causing the user's withdrawal to execute at a worse price, leading the user to receive less than they should.

How the MEV Exploit Works:

  1. User Initiates Withdrawal:

    • Alice requests to withdraw 10 shares from the vault, expecting to receive 10 ETH. The vault needs to swap the underlying asset (e.g., stETH or LP tokens) for ETH on a DEX to fulfill the withdrawal.

  2. MEV Bot Observes the Transaction:

    • An MEV bot scans the mempool and detects Alice's pending withdrawal. The bot notices that the withdrawal will involve a large swap on the DEX, which could temporarily affect the price of the token pair (stETH/ETH).

  3. Bot Front-Runs the Swap:

    • The MEV bot front-runs Alice's transaction by executing a large buy or sell order on the same DEX pair before Alice's withdrawal is executed. This artificially increases slippage for Alice's transaction, causing the vault's swap to execute at a less favorable price.

  4. Price Impact and Slippage:

    • When Alice's withdrawal is processed, the vault's swap occurs at a worse exchange rate due to the price change caused by the bot's manipulation. As a result, Alice receives less ETH than she should have.

  5. MEV Bot Profits:

    • After Alice's transaction, the MEV bot sells or buys back the token it used to manipulate the price, profiting from the price difference. This is often referred to as a "sandwich attack," where the bot places a buy order before Alice's swap and a sell order after her transaction to extract profit from the price movement.

Example Calculation:

  • Initial State:

    • Vault has 100 stETH, worth 100 ETH.

    • Alice wants to withdraw 10 shares, expecting 10 ETH.

  • MEV Bot Front-Runs:

    • The bot executes a large buy order on the stETH/ETH pair before Alice's swap, pushing the price up. The vault's swap is now less favorable due to the price impact, and Alice receives only 9.5 ETH.

  • MEV Bot Profits:

    • After Alice's withdrawal is executed, the bot sells back the stETH it bought at the now higher price, profiting from the price difference.

Conclusion:

In the context of an ERC4626 vault, MEV front-running exploits can occur when a user's withdrawal involves swaps or price-sensitive interactions. An MEV bot can profit by manipulating the swap prices or creating slippage that negatively impacts the user's withdrawal amount. Protection strategies like slippage controls, TWAPs, and using Flashbots/private transactions can help mitigate these risks and provide users with more predictable withdrawal outcomes.
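The slippage control named above, as an added example that is not code from the original page: a small Python model of a withdrawal that swaps stETH for ETH and reverts when the output falls below a caller-supplied minimum. The `Pool` class, the 1000/1000 reserves, the size of the earlier trade and the 1% tolerance are all constructed assumptions, and swap fees are ignored.

```python
WAD = 10**18   # 18-decimal fixed point, as used by ETH and stETH
BPS = 10_000   # basis points in 100%

class SlippageExceeded(Exception):
    """Stands in for an on-chain revert of the whole withdrawal."""

class Pool:
    """Constant-product stETH/ETH pool; swap fees ignored (assumption)."""
    def __init__(self, steth, eth):
        self.steth, self.eth = steth, eth

    def quote(self, steth_in):
        # ETH paid out for steth_in at the current reserves (x * y = k).
        return self.eth * steth_in // (self.steth + steth_in)

    def sell_steth(self, steth_in):
        eth_out = self.quote(steth_in)
        self.steth += steth_in
        self.eth -= eth_out
        return eth_out

def min_out(quoted, tolerance_bps):
    """Lowest output the user accepts, from the quote they saw when signing."""
    return quoted * (BPS - tolerance_bps) // BPS

def withdraw(pool, steth_in, min_eth_out):
    """Vault withdrawal path: swap, then enforce the caller's bound."""
    before = (pool.steth, pool.eth)
    eth_out = pool.sell_steth(steth_in)
    if eth_out < min_eth_out:
        pool.steth, pool.eth = before      # a revert undoes the swap
        raise SlippageExceeded(f"got {eth_out}, minimum {min_eth_out}")
    return eth_out

def scenario(prior_trade, tolerance_bps=None):
    """Alice redeems 10 stETH worth of shares; prior_trade lands first."""
    pool = Pool(1000 * WAD, 1000 * WAD)    # constructed reserves
    bound = 0 if tolerance_bps is None else min_out(pool.quote(10 * WAD), tolerance_bps)
    if prior_trade:
        pool.sell_steth(prior_trade)       # price moves before Alice executes
    return withdraw(pool, 10 * WAD, bound)

if __name__ == "__main__":
    print("quiet pool, 1% bound :", scenario(0, 100) / WAD)
    print("moved pool, no bound :", scenario(20 * WAD) / WAD)
    try:
        scenario(20 * WAD, 100)
    except SlippageExceeded as exc:
        print("moved pool, 1% bound : reverted,", exc)
```

The bound is computed from the quote Alice saw before signing, so it travels with her transaction and holds regardless of what executes ahead of it in the block.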
