#58150 [SC-High] Missing slippage protection in TokeAutoUSDStrategy allocate leads to direct theft of user funds via MEV sandwich attacks

Submitted on Oct 30th 2025 at 23:33:23 UTC by @fawarano for Audit Comp | Alchemix V3

  • Report ID: #58150

  • Report Type: Smart Contract

  • Report severity: High

  • Target: https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/strategies/mainnet/TokeAutoUSDStrategy.sol

  • Impacts:

    • Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

Brief/Intro

The TokeAutoUSDStrategy contract fails to implement slippage protection when depositing assets into the Tokemak AutoUSD vault: the depositMax function is called with the minSharesOut parameter set to 0. This vulnerability enables MEV sandwich attacks in which an attacker can manipulate the underlying pool prices (via flash loans) during the victim's deposit transaction, resulting in a significant loss of funds for depositors.

Vulnerability Details

In the _allocate function of TokeAutoUSDStrategy.sol (line 45), the depositMax function is called with minSharesOut parameter set to 0:

function _allocate(uint256 amount) internal override returns (uint256) {
    require(TokenUtils.safeBalanceOf(address(usdc), address(this)) >= amount, "Strategy balance is less than amount");
    TokenUtils.safeApprove(address(usdc), address(router), amount);
@>     uint256 shares = router.depositMax(autoUSD, address(this), 0); 
    TokenUtils.safeApprove(address(autoUSD), address(rewarder), shares);
    rewarder.stake(address(this), shares);
    return amount;
}

This means there is no minimum requirement on the number of vault shares received in return for the USDC deposited into the vault. As a result, if an MEV bot sees the deposit transaction after it is initiated and manipulates the value of USDC against the shares, attacking the vault with a flash loan that drastically increases the share price, the user will receive a much lower value of shares than they were supposed to get. This represents a significant loss for the user, because they did not set a minimum number of shares to receive from their deposit.
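The missing check modeled in Python, as an added example that is not from the report, its PoC, or the Alchemix or Tokemak code: the `Vault` class, the 50,000 USDC deposit and the share prices are constructed assumptions, and the tolerance is given in basis points. It also shows that a minimum derived from the price read at execution time gives no protection, because that price has already moved.

```python
# Constructed model of ERC4626-style share math; not Tokemak or Alchemix code.
BPS = 10_000
USDC = 10**6  # 6 decimals

class SlippageError(Exception):
    """Stands in for the revert of an on-chain minimum-shares check."""

class Vault:
    def __init__(self, total_assets: int, total_shares: int):
        self.total_assets = total_assets  # reported value, derived from pool prices
        self.total_shares = total_shares

    def preview_deposit(self, assets: int) -> int:
        # Shares minted for `assets`, rounded down as in integer EVM math.
        return assets * self.total_shares // self.total_assets

    def deposit(self, assets: int, min_shares_out: int) -> int:
        shares = self.preview_deposit(assets)
        if shares < min_shares_out:
            raise SlippageError(f"got {shares}, wanted at least {min_shares_out}")
        self.total_assets += assets
        self.total_shares += shares
        return shares

def min_shares_from_quote(quoted_shares: int, tolerance_bps: int) -> int:
    """Lower bound from a quote; only useful if the quote predates the transaction."""
    return quoted_shares * (BPS - tolerance_bps) // BPS

def allocate(vault: Vault, assets: int, min_shares_out: int):
    """Return the shares received, or None where the deposit would revert."""
    try:
        return vault.deposit(assets, min_shares_out)
    except SlippageError:
        return None

def scenario(assets_at_execution: int, tolerance_bps: int) -> dict:
    amount, supply = 50_000 * USDC, 1_000_000 * USDC  # constructed values
    quote = Vault(1_000_000 * USDC, supply).preview_deposit(amount)  # fair-price quote
    bound = min_shares_from_quote(quote, tolerance_bps)
    live = Vault(assets_at_execution, supply).preview_deposit(amount)
    minimums = {"min_zero": 0, "min_from_quote": bound,
                # Derived from the already-moved price, so it can never trigger.
                "min_from_live_price": min_shares_from_quote(live, tolerance_bps)}
    return {name: allocate(Vault(assets_at_execution, supply), amount, m)
            for name, m in minimums.items()}
```

Calling `scenario(2_000_000 * USDC, 50)` models a doubled share price at execution: the deposit with a zero minimum is filled at half the quoted shares, while the deposit bounded by the earlier quote reverts.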

Impact Details

This vulnerability has a high impact because it directly allows measurable, reproducible loss of user funds through price manipulation during deposits. By setting minSharesOut = 0, the strategy removes any slippage protection, leaving depositors fully exposed to MEV and flash-loan attacks. During such an attack, an attacker can temporarily inflate the vault's share price before the victim's transaction is executed (by a flash loan attack). As a result, the depositor receives significantly fewer shares than expected, often losing a large percentage of their value (in one observed case, roughly 57%, depending on how much the attacker inflates the vault share value). Since the attacker can reverse the manipulation within the same block, the vault's global state appears normal afterward, leaving victims with no on-chain recovery mechanism. In vaults with limited liquidity or predictable deposit activity, this exploit can be consistently replicated to extract value, eroding depositor trust and protocol integrity over time.

References

https://gist.github.com/fawarano/44b7c1af394c072cb259432dc718f731

Proof of Concept

A complete working PoC demonstrates the vulnerability with realistic attack parameters. The PoC shows around 57% loss for the victim and 28,571 USDC profit for the attacker.

The PoC consists of two files:

  1. src/test/TokeAutoUSDMocks.sol - Mock contracts simulating Tokemak ecosystem

  2. src/test/TokeAutoUSD_SandwichPoC.t.sol - Attack simulation test

PoC: Price Manipulation Attack Against TokeAutoUSDStrategy

VULNERABILITY: TokeAutoUSDStrategy.sol: sets minSharesOut=0, providing NO SLIPPAGE PROTECTION

    uint256 shares = router.depositMax(autoUSD, address(this), 0);

ATTACK FLOW:

  1. Attacker manipulates underlying pool prices (flash loan / MEV attack)

  2. Victim deposits at inflated price → receives heavily diluted shares

  3. Attacker reverts price manipulation

  4. Victim's diluted shares are worth much less at normal price

RESULT: large loss for victim, attacker profits

TESTING APPROACH: This PoC uses mock contracts to demonstrate the vulnerability logic while complying with Immunefi rules prohibiting mainnet/testnet testing.

  • Mock contracts simulate Tokemak AutoUSD ecosystem behavior

  • Tests actual TokeAutoUSDStrategy.sol code via harness pattern

  • Demonstrates standard ERC4626 share dilution mechanics

  • All testing performed in isolated local environment

Run with: forge test --match-path src/test/TokeAutoUSD_SandwichPoC.t.sol -vv --evm-version cancun
