Swap executed without slippage protection
Summary
The swap is called with amountOutMinimum: 0 and sqrtPriceLimitX96: 0, meaning that there is no slippage protection in this swap.
Vulnerability Details
With the function sellProfits() the user is able to swap their profit tokens for WETH, however, in the implementation of the swap:
We can notice that the minimum expected amount that the user can have returned is zero (amountOutMinimum: 0), which is very risky.
Also, sqrtPriceLimitX96: 0 should neither be set to zero.
Impact
This could result in a significant loss of funds from these profits as MEV bots could “sandwich” this swap by manipulating the price before this transaction and immediately reversing their action after the transaction, profiting at the expense of our swap.
Having a Protocol that will not allow you to take your profits out is very unlikely to be used by users. That's why this must be corrected.
Tools Used
None
Recommendations
The slippage parameters amountOutMinimum and sqrtPriceLimitX96 need to have a proper value set. You can make use of IUniswapV3PriceOracle to forsee the value.
Platforms should also provide a sensible default if the user doesn't specify a value, but user-specified slippage parameters must always override platform defaults.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.