20,000 USDC
Submission Details
Severity: high
Valid

`sellProfits()` executes swaps without slippage protection

Summary

In Fees.sellProfits() the swap is executed through the Uniswap V3 router with amountOutMinimum set to 0. There is no slippage protection at all, so the swap accepts any output amount and can be sandwiched by anyone who sees the transaction in the mempool.

Vulnerability Details

As shown in the code below, sellProfits() builds an ExactInputSingleParams struct for the Uniswap V3 router's exactInputSingle call and swaps the contract's entire balance of _profits into WETH. However, it does not specify a minimum acceptable amount of WETH to be received (amountOutMinimum: 0), and sqrtPriceLimitX96 is also 0, so no price bound is enforced on-chain. The transaction will therefore succeed at any exchange rate: an attacker can push the pool price against the contract in the same block (buy WETH before the swap, sell it back after), and the contract has no guarantee of receiving anything close to the fair output amount. Note also that sellProfits() is public with no access control, so the attacker does not even have to wait for the transaction to appear in the mempool; they can call it themselves inside their own bundle.

function sellProfits(address _profits) public {
    require(_profits != WETH, "not allowed");
    uint256 amount = IERC20(_profits).balanceOf(address(this));
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0,  // no floor on the WETH received: any output is accepted
            sqrtPriceLimitX96: 0  // no on-chain price limit either
        });
    // ... the original snippet ends here; the router call that consumes `params` follows
}

Impact

Swaps can be sandwiched by MEV searchers: the attacker front-runs the swap to move the pool price, lets sellProfits() execute at the manipulated price, and back-runs to capture the difference. The contract receives less WETH than the market value of the profits it sold, which is a direct loss of funds for the users those profits belong to. Because the function is public and swaps the whole balance, the attacker can trigger it at the moment of their choosing.

Tools Used

VS Code

Recommendations

To address this issue, incorporate slippage protection by passing a meaningful amountOutMinimum to the router. The minimum can be supplied by the caller (computed off-chain from a quote at submission time) and/or derived on-chain from a manipulation-resistant reference such as the pool's TWAP, with a bounded tolerance. The swap then reverts if the received output falls below the threshold, so a sandwich attempt fails instead of draining value. Restricting who may call sellProfits() and accepting an explicit deadline rather than block.timestamp further reduce the attacker's ability to choose when the swap executes.
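The following is an added example of a hardened sellProfits(); it is not the project's own code. It assumes a contract layout with the router, the Uniswap V3 factory and an owner set in the constructor, a hypothetical MAX_SLIPPAGE_BPS tolerance, and the 0.8-compatible branch of @uniswap/v3-periphery (for OracleLibrary.consult and OracleLibrary.getQuoteAtTick) and OpenZeppelin's IERC20. The minimum output is the larger of a caller-supplied floor and a TWAP-derived floor, so a single manipulated spot price cannot make the swap execute at a bad rate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed dependencies (example code, not the project's own):
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ISwapRouter} from "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";
import {OracleLibrary} from "@uniswap/v3-periphery/contracts/libraries/OracleLibrary.sol";
import {IUniswapV3Factory} from "@uniswap/v3-core/contracts/interfaces/IUniswapV3Factory.sol";

contract FeesHardened {
    address public immutable WETH;
    ISwapRouter public immutable swapRouter;
    IUniswapV3Factory public immutable factory;
    address public immutable owner;

    uint24 public constant POOL_FEE = 3000;          // same 0.3% pool as the original
    uint32 public constant TWAP_WINDOW = 30 minutes; // hypothetical: lookback for the TWAP floor
    uint256 public constant MAX_SLIPPAGE_BPS = 100;  // hypothetical: at most 1% below TWAP

    event ProfitsSold(address indexed token, uint256 amountIn, uint256 amountOut);

    constructor(address _weth, address _router, address _factory) {
        WETH = _weth;
        swapRouter = ISwapRouter(_router);
        factory = IUniswapV3Factory(_factory);
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // minOut: floor computed off-chain by the caller from a fresh quote.
    // deadline: explicit expiry so a delayed transaction cannot be mined later at a worse price.
    function sellProfits(address _profits, uint256 minOut, uint256 deadline)
        external
        onlyOwner
        returns (uint256 amountOut)
    {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        require(amount > 0, "nothing to sell");

        // On-chain floor: TWAP quote minus the configured tolerance.
        uint256 twapFloor = (twapQuote(_profits, amount) * (10_000 - MAX_SLIPPAGE_BPS)) / 10_000;
        // Use the stricter of the two floors; the swap reverts if the pool pays less.
        uint256 amountOutMinimum = minOut > twapFloor ? minOut : twapFloor;

        IERC20(_profits).approve(address(swapRouter), amount);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: POOL_FEE,
            recipient: address(this),
            deadline: deadline,
            amountIn: amount,
            amountOutMinimum: amountOutMinimum, // the fix: a real floor instead of 0
            sqrtPriceLimitX96: 0
        });
        amountOut = swapRouter.exactInputSingle(params);
        emit ProfitsSold(_profits, amount, amountOut);
    }

    // Time-weighted quote of `amountIn` of `tokenIn` in WETH over TWAP_WINDOW.
    // A sandwich moves the spot price within one block but barely moves a 30-minute TWAP.
    function twapQuote(address tokenIn, uint256 amountIn) public view returns (uint256) {
        require(amountIn <= type(uint128).max, "amount too large");
        address pool = factory.getPool(tokenIn, WETH, POOL_FEE);
        require(pool != address(0), "no pool");
        (int24 meanTick, ) = OracleLibrary.consult(pool, TWAP_WINDOW);
        return OracleLibrary.getQuoteAtTick(meanTick, uint128(amountIn), tokenIn, WETH);
    }
}
```

The caller-supplied minOut protects against the case where the TWAP itself is stale or the pool is thinly traded, while the TWAP floor protects against a caller (or a compromised key) passing minOut of 0 and recreating the original bug; the pool must have enough observation cardinality for a 30-minute consult, otherwise the call reverts with Uniswap's "OLD" error and the swap does not execute, which is the safe failure mode.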
