20,000 USDC
Submission Details
Severity: high
Valid

sellProfits function should provide slippage protection

Summary

Users calling the sellProfits function can lose all of their tokens due to a missing slippage check.

Vulnerability Details

Hardcoding the amountOutMinimum parameter to 0 exposes users to potential slippage-based attacks and front-running by malicious actors, including MEV (Miner Extractable Value) bots. Slippage refers to the difference between the expected price of a trade and the price at which the trade is executed, resulting in users receiving fewer output tokens than anticipated. By not specifying a minimum output amount, users become vulnerable to the manipulation of token prices during the swap execution.

In the absence of a minimum output requirement, attackers can front-run transactions by monitoring the blockchain for pending swaps and quickly executing trades at more favorable prices before the original transaction is processed. This can lead to users receiving significantly fewer output tokens than they originally expected. Moreover, MEV bots may exploit the lack of minimum output constraints to extract profits from the price discrepancies created during the trade.

Impact

Users can lose funds while swapping tokens.

Tools Used

Manual

Recommendations

Allow the user to set a slippage percentage via the frontend, and later use the spot price to calculate amountOutMinimum.
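
An added sketch of this recommendation (not code from the audited project): a constructed, fee-free constant-product pool in JavaScript, where `minOut` is the frontend calculation and `swap` models a contract that reverts when the output falls below the caller-supplied minimum. The reserves, amounts, function names and the 0.5% tolerance are assumptions chosen for illustration.

```javascript
// Constructed model: x*y=k pool with no fee; all amounts are BigInt token units.
const BPS = 10_000n;

// Output received for amountIn against the given reserves (rounds down).
function quoteOut(amountIn, reserveIn, reserveOut) {
  return (amountIn * reserveOut) / (reserveIn + amountIn);
}

// Frontend side: convert a quote and a user-chosen tolerance (basis points)
// into the amountOutMinimum that is sent with the transaction.
function minOut(quotedOut, slippageBps) {
  if (slippageBps < 0n || slippageBps >= BPS) {
    throw new RangeError("slippage must be in [0, 10000) bps");
  }
  return (quotedOut * (BPS - slippageBps)) / BPS;
}

// Contract side (modelled): execute the swap, revert if below the minimum.
function swap(pool, amountIn, amountOutMinimum) {
  const out = quoteOut(amountIn, pool.reserveIn, pool.reserveOut);
  if (out < amountOutMinimum) throw new Error("Too little received");
  pool.reserveIn += amountIn;
  pool.reserveOut -= out;
  return out;
}

function demo() {
  const amountIn = 10_000n;
  // Quote taken by the frontend against the pool state the user sees.
  const quoted = quoteOut(amountIn, 1_000_000n, 1_000_000n);
  const floor = minOut(quoted, 50n); // 0.5% tolerance

  // Constructed state: a large trade lands first and moves the price.
  const movedPool = () => {
    const p = { reserveIn: 1_000_000n, reserveOut: 1_000_000n };
    swap(p, 500_000n, 0n);
    return p;
  };

  // amountOutMinimum = 0: the swap executes at whatever price is left.
  const unprotected = swap(movedPool(), amountIn, 0n);

  // amountOutMinimum = floor: the same swap reverts and the user keeps the input.
  let guarded;
  try { guarded = swap(movedPool(), amountIn, floor); }
  catch (e) { guarded = e.message; }
  return { quoted, floor, unprotected, guarded };
}
```

The floor is derived from the quote taken before submission and passed in as a parameter; recomputing it from the pool price inside the same transaction would follow the moved price and protect nothing.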
