20,000 USDC
Submission Details
Severity: high
Valid

Fees.sol#sellProfits() - Potential loss of funds when swapping tokens if `sellProfits` is front-run, because amountOutMinimum = 0

Summary

Potential loss of funds when swapping tokens if sellProfits is front-run, because amountOutMinimum is hard-coded to 0.

Vulnerability Details

sellProfits swaps the contract's whole balance of a profits token for WETH through Uniswap V3's exactInputSingle. The amountOutMinimum parameter is the smallest output the caller is willing to accept; if the pool would return less, the router reverts the swap. Here it is hard-coded to 0, so the swap succeeds at any price, and sqrtPriceLimitX96 = 0 removes the price bound as well. A malicious user can therefore sandwich the call: front-run sellProfits by selling the same profits token into the pool (or otherwise moving its price against the contract), let sellProfits execute at the depressed price, and then buy the token back in the same block at a profit funded by the contract's shortfall. Because sellProfits has no access control, the attacker does not even need to win a mempool race: all three steps can be bundled into one transaction, with the middle step being the attacker's own call to sellProfits. Since amountIn is the full balance, everything the contract holds in that token is exposed to the manipulated price.

Impact

Loss of funds for the protocol: the contract's entire balance of the profits token can be swapped at an attacker-chosen price, and the difference between the fair and the manipulated price is collected by the front-runner instead of being forwarded to the staking contract as WETH.

Tools Used

Manual review

Recommendations

My suggestion is to add access control to the whole contract (for example by inheriting Ownable) and to sellProfits, so that only a trusted account can trigger the swap, and to add an _amountOutMinimum parameter to sellProfits. The caller computes that bound off-chain from a fresh quote (or a TWAP) minus an accepted slippage, so a manipulated pool makes the swap revert instead of executing at a bad price. Passing 0 for the new parameter would reintroduce the issue, so the caller must always supply a real bound. The deadline of block.timestamp gives no protection either, since it can never be in the past; making it a parameter as well is worth considering, although it is not part of the snippet below.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// OpenZeppelin 4.x Ownable (no constructor argument) and Uniswap V3 periphery router interface
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";

// Inherit from Ownable so sellProfits can be restricted to the owner
contract Fees is Ownable {
    // State variables as used by the original function; types assumed from usage
    address public immutable WETH;
    address public immutable staking;
    ISwapRouter public immutable swapRouter;

    constructor(address _weth, address _staking, ISwapRouter _swapRouter) {
        WETH = _weth;
        staking = _staking;
        swapRouter = _swapRouter;
    }

    // onlyOwner added; _amountOutMinimum is computed off-chain by the caller from a
    // fresh quote minus an accepted slippage and must not be 0
    function sellProfits(address _profits, uint256 _amountOutMinimum) public onlyOwner {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        // The router needs an allowance for _profits; that approval is outside this snippet
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: _amountOutMinimum, // router reverts if the pool returns less
            sqrtPriceLimitX96: 0
        });
        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
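To make the numbers behind the finding and the fix concrete, here is an added simulation (not code from the submission or from the audited project) of the sandwich described in the Vulnerability Details and of the _amountOutMinimum bound proposed in the Recommendations. It models the pool as a constant-product curve with a 0.3% fee; that is a simplification of Uniswap V3, where liquidity is concentrated in ranges, but within one range a swap follows the same curve and the sandwich mechanics are identical. The reserves, the 10,000-token balance that sellProfits sweeps, the attacker's 100,000-token front-run and the 1% tolerance are all constructed values for illustration.

```python
from dataclasses import dataclass

# Pool fee in basis points; matches the `fee: 3000` (0.3%) tier in the page's swap params.
FEE_BPS = 30


class SlippageExceeded(Exception):
    """Models the router revert when the output is below amountOutMinimum."""


@dataclass
class Pool:
    """Constant-product pool (x * y = k) of the profits token and WETH.
    Simplified model of a Uniswap V3 pool inside a single liquidity range."""
    profits: float
    weth: float

    def quote_profits_for_weth(self, profits_in: float) -> float:
        dx = profits_in * (10_000 - FEE_BPS) / 10_000  # fee is taken on the input
        return self.weth * dx / (self.profits + dx)

    def quote_weth_for_profits(self, weth_in: float) -> float:
        dy = weth_in * (10_000 - FEE_BPS) / 10_000
        return self.profits * dy / (self.weth + dy)

    def sell_profits(self, profits_in: float, amount_out_min: float = 0.0) -> float:
        out = self.quote_profits_for_weth(profits_in)
        if out < amount_out_min:
            raise SlippageExceeded(f"got {out:.6f} WETH, wanted at least {amount_out_min:.6f}")
        self.profits += profits_in
        self.weth -= out
        return out

    def buy_profits(self, weth_in: float) -> float:
        out = self.quote_weth_for_profits(weth_in)
        self.weth += weth_in
        self.profits -= out
        return out


# Constructed sample state: 1,000,000 profits tokens against 100 WETH (10,000 per WETH).
RESERVES = (1_000_000.0, 100.0)
VICTIM_AMOUNT = 10_000.0     # balance Fees.sol would sweep in sellProfits (assumed)
ATTACKER_AMOUNT = 100_000.0  # size of the attacker's front-running sell (assumed)


def honest_quote(reserves, victim_amount: float) -> float:
    """WETH the protocol receives if nobody touches the pool first."""
    return Pool(*reserves).quote_profits_for_weth(victim_amount)


def min_out_with_tolerance(quote: float, tolerance_bps: int) -> float:
    """amountOutMinimum a caller would pass: fresh quote minus an accepted slippage."""
    return quote * (10_000 - tolerance_bps) / 10_000


def sandwich(reserves, victim_amount: float, attacker_amount: float, amount_out_min: float):
    """Attacker sells, the victim's sellProfits executes, the attacker buys back.
    Returns (WETH the victim received, attacker profit in profits tokens)."""
    pool = Pool(*reserves)
    attacker_weth = pool.sell_profits(attacker_amount)              # 1. front-run: push price down
    victim_weth = pool.sell_profits(victim_amount, amount_out_min)  # 2. victim sells at depressed price
    recovered = pool.buy_profits(attacker_weth)                     # 3. back-run: buy back cheaper
    return victim_weth, recovered - attacker_amount


def sandwich_is_rejected(reserves, victim_amount, attacker_amount, amount_out_min) -> bool:
    """True if the victim's swap reverts under the sandwich, so the attacker cannot profit."""
    try:
        sandwich(reserves, victim_amount, attacker_amount, amount_out_min)
    except SlippageExceeded:
        return True
    return False


if __name__ == "__main__":
    fair = honest_quote(RESERVES, VICTIM_AMOUNT)
    got, profit = sandwich(RESERVES, VICTIM_AMOUNT, ATTACKER_AMOUNT, amount_out_min=0.0)
    print(f"fair quote: {fair:.4f} WETH; received with amountOutMinimum=0: {got:.4f} WETH")
    print(f"attacker profit: {profit:.1f} profits tokens")
    min_out = min_out_with_tolerance(fair, tolerance_bps=100)  # accept 1% slippage
    print("sandwich rejected with a 1% bound:",
          sandwich_is_rejected(RESERVES, VICTIM_AMOUNT, ATTACKER_AMOUNT, min_out))
```

With these inputs the contract would receive about 0.987 WETH at the fair price but only about 0.817 WETH inside the sandwich, and the attacker walks away with roughly 1,186 profits tokens after paying the pool fee twice. A bound of 1% below the fresh quote makes the sandwiched swap revert, which is exactly what the added _amountOutMinimum parameter buys; the bound is only as good as the quote it is derived from, so it has to be computed right before the call and never set to 0.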
