FLO-25: Dex Price Susceptible to Sandwich Attacks in Liquidation

## Severity: Low

## Files Affected
- `cadence/contracts/FlowALPv1.cdc`

## Description
In the manualLiquidation() function, the DEX quote is fetched and compared in the same transaction. A sandwich attack can be executed where:
- Front-run: Manipulate DEX pool to worsen its price.
- Liquidation executes: DEX quote is artificially bad, so the liquidator's offer appears "better than DEX".
- Back-run: Reverse manipulation for profit.

## Recommendation
Use TWAP instead of spot quote, or use oracle price as the primary benchmark.

---
Parent Issue: #209



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FLO-25: Dex Price Susceptible to Sandwich Attacks in Liquidation #234

Severity: Low

Files Affected

Description

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

FLO-25: Dex Price Susceptible to Sandwich Attacks in Liquidation #234

Description

Severity: Low

Files Affected

Description

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions