F-2024-0007 · mev-sandwich

Sandwich Attacks During Rebalancing

Status: Acknowledged · Tags: index-fund, defi, rebalancing
TL;DR

Rebalancing swaps on Uniswap V3 are bounded only by a maxSlippage tolerance and sit in the public mempool before they are mined, so they can be sandwiched: an attacker moves the pool price to the edge of the slippage band before the swap and moves it back afterwards, at the portfolio's expense.

Severity: LOW
Impact: MEDIUM
Likelihood: LOW
Method: Manual review
Complexity: MEDIUM
Exploitability: MEDIUM
Section 02 · Description

The WEDXBasePortfolio contract is exposed to sandwich attacks during rebalancing. An attacker who sees a pending rebalance can move the pool price before it executes and move it back afterwards, keeping the difference. The maxSlippage parameter bounds how bad the portfolio's execution may get, but it does not prevent the attack: any price inside the band is accepted, and a searcher will take the price to the edge of that band.

Rebalancing involves significant token swaps through Uniswap V3 pools. Because Ethereum transactions are broadcast to the public mempool before they are mined, the swap, its size and its slippage bound are visible to anyone watching.

A searcher places one transaction immediately before the rebalance and one immediately after; this is a sandwich attack. The front-run trades in the same direction as the portfolio's swap, pushing the pool price against the portfolio by up to the tolerated slippage; the back-run reverses that trade after the portfolio's own swap has moved the price still further in the attacker's favour.

Section 03 · Impact

The impact of this vulnerability includes:

  • Financial loss on each rebalance from manipulated token prices, bounded only by the maxSlippage tolerance.
  • Worse execution than quoted: the value lost to slippage is captured by the attacker rather than being an ordinary market cost.
  • Potential destabilization of the portfolio's value and performance, since the loss recurs on every rebalance.

Exploit scenario:

  1. Setup. maxSlippage is set at 5%, so the contract accepts any swap whose output is no more than 5% worse than the quoted price.
  2. Exploit. A searcher monitors the mempool for rebalancing transactions. Immediately before the rebalance, the attacker trades in the same direction as the portfolio's swap, moving the pool price against the portfolio by just under the tolerated 5%; any further and the portfolio's transaction would revert, leaving the attacker paying fees for nothing. The rebalance executes at the manipulated price, which the slippage check accepts. Immediately afterwards the attacker reverses the position at a price the portfolio's own swap has pushed still further in the attacker's favour.
  3. Example. The portfolio needs to swap 100 ETH for USDC. The attacker front-runs by selling ETH into the same pool, depressing the ETH price by close to 5%. The portfolio's swap executes at the depressed price, receiving up to 5% less USDC than the honest quote, and the slippage check passes. The attacker back-runs by buying the ETH back at the lower price and keeps the difference.
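
The scenario above worked through numerically, as an added example that is not part of the original finding or of the WEDX code. It models the pool as a constant-product (x·y = k) market with a 0.3% fee, which is how a Uniswap V3 pool behaves while the price stays inside one tick range; the reserves, the 100 ETH rebalance and the fee tier are constructed numbers. It finds the largest front-run that keeps the portfolio's swap just inside its maxSlippage band, reports the portfolio's loss and the attacker's profit, and repeats for tighter tolerances to show that the extractable loss is essentially the width of the band.

```python
"""Numeric model of a sandwich on a maxSlippage-bounded rebalancing swap.

Added example; not code from the finding or from WEDX.  The pool is a
constant-product (x * y = k) market with a 0.3% fee, which is how a
Uniswap V3 pool behaves while the price stays within one tick range.
Reserves, trade sizes and the fee tier are constructed numbers.
"""
from dataclasses import dataclass

BPS = 10_000
FEE_BPS = 30  # assumed 0.3% fee tier


@dataclass
class Pool:
    """ETH/USDC constant-product pool; the fee is taken from the input token."""
    eth: float
    usdc: float

    def _amount_out(self, amount_in, reserve_in, reserve_out):
        net_in = amount_in * (BPS - FEE_BPS) / BPS
        return reserve_out * net_in / (reserve_in + net_in)

    def quote_sell_eth(self, eth_in):
        return self._amount_out(eth_in, self.eth, self.usdc)

    def sell_eth(self, eth_in):
        usdc_out = self.quote_sell_eth(eth_in)
        self.eth += eth_in
        self.usdc -= usdc_out
        return usdc_out

    def buy_eth(self, usdc_in):
        eth_out = self._amount_out(usdc_in, self.usdc, self.eth)
        self.usdc += usdc_in
        self.eth -= eth_out
        return eth_out

    def copy(self):
        return Pool(self.eth, self.usdc)


def max_front_run(pool, victim_eth_in, min_out):
    """Largest ETH sale the attacker can place ahead of the victim without
    pushing the victim's output below min_out.  Going past that point makes
    the victim's transaction revert, leaving the attacker with two fee-paying
    swaps and no profit.  Victim output falls monotonically with the
    front-run size, so bisection finds the boundary."""
    lo, hi = 0.0, pool.eth            # lo is always feasible (no front-run at all)
    for _ in range(200):
        mid = (lo + hi) / 2
        trial = pool.copy()
        trial.sell_eth(mid)
        if trial.quote_sell_eth(victim_eth_in) >= min_out:
            lo = mid
        else:
            hi = mid
    return lo


def sandwich(max_slippage_bps, victim_eth_in=100.0, pool=None):
    """Front-run, victim swap, back-run; returns the outcome for each party."""
    pool = pool.copy() if pool is not None else Pool(eth=10_000.0, usdc=30_000_000.0)
    honest_out = pool.quote_sell_eth(victim_eth_in)        # quote at submission time
    min_out = honest_out * (BPS - max_slippage_bps) / BPS  # the bound maxSlippage enforces

    front_run = max_front_run(pool, victim_eth_in, min_out)
    attacker_usdc = pool.sell_eth(front_run)          # 1. front-run, same direction as victim
    victim_out = pool.sell_eth(victim_eth_in)         # 2. victim executes at the depressed price
    attacker_eth_back = pool.buy_eth(attacker_usdc)   # 3. back-run, reverse the position
    if victim_out < min_out:
        raise AssertionError("slippage check would have reverted the victim")

    return {
        "front_run_eth": front_run,
        "victim_out_usdc": victim_out,
        "victim_loss_usdc": honest_out - victim_out,
        "victim_loss_frac": (honest_out - victim_out) / honest_out,
        "attacker_profit_eth": attacker_eth_back - front_run,
    }


if __name__ == "__main__":
    for bps in (50, 100, 500):
        r = sandwich(bps)
        print(f"maxSlippage {bps / 100:.2f}%: front-run {r['front_run_eth']:6.1f} ETH, "
              f"portfolio loses {r['victim_loss_usdc']:9,.0f} USDC "
              f"({100 * r['victim_loss_frac']:.2f}%), attacker nets "
              f"{r['attacker_profit_eth']:.2f} ETH")
```

With the constructed 10,000 ETH / 30M USDC pool and a 5% band, the attacker front-runs with roughly 260 ETH, the portfolio receives almost exactly 5% less USDC than its honest quote (about 14.8k USDC), and the attacker nets a few ETH after paying the pool fee twice. The portfolio's loss tracks the band, not the trade: the same 100 ETH swap under a 0.5% tolerance loses a tenth as much, which is why the slippage parameter, not the swap size, is what the attacker is really exploiting.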

Section 04 · Recommendation

Implementing a Cooldown Period:

Introduce a cooldown period between rebalancing transactions to reduce how often the portfolio can be sandwiched. This involves adding a state variable that records the last rebalance time and a modifier that enforces the cooldown. Note the limit of this control: a sandwich is completed inside the same block as the transaction it targets, so a cooldown caps the frequency of the loss but does not, on its own, protect any individual rebalance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// `onlyOwner` is assumed to come from the contract's existing access control
// (OpenZeppelin's Ownable is used here as the example base).
import "@openzeppelin/contracts/access/Ownable.sol";

abstract contract WEDXBasePortfolio is Ownable {
    // State variables
    uint256 public cooldownPeriod = 300; // Example: 5 minutes
    uint256 public lastRebalanceTimestamp;

    // Modifier: reject calls until cooldownPeriod has elapsed since the last one.
    // The timestamp is written before the body runs, so a reentrant call into
    // another cooldown-guarded function within the same transaction is rejected.
    modifier cooldown() {
        require(block.timestamp >= lastRebalanceTimestamp + cooldownPeriod, "Cooldown period not yet passed");
        lastRebalanceTimestamp = block.timestamp;
        _;
    }

    // Apply modifier to rebalancing functions
    function deposit() public virtual payable onlyOwner cooldown returns (uint256) {
        // function logic
    }

    function withdraw(uint256 amount) virtual public onlyOwner cooldown {
        // function logic
    }

    function withdrawBruteForced() virtual public onlyOwner cooldown {
        // function logic
    }

    function _setPortfolio(address[] memory newAssets, uint256[] memory newDistribution, uint256 fee)
        internal virtual cooldown returns (uint256) {
        // function logic
    }

    function _changeDistribution(uint256[] memory newDistribution, uint256 fee) internal virtual cooldown returns (uint256) {
        // function logic
    }
}
```

Using Private Relays:

  • Relay rebalancing transactions through a private relay such as Flashbots so they never appear in the public mempool, which removes the visibility the sandwich depends on.
  • This is an operational control on whoever submits the transaction, not a property the contract can enforce, so it must be written into the deployment and operational procedures for the owner account.
© 2026 Zealynx