Severity: high
Valid

Lack of Slippage Protection

Summary

The sellProfits function in the contract is designed to swap a specified token for WETH. However, it does not implement any control over the minimum amount of WETH that must be received in return. The amountOutMinimum parameter, which could be used to set a floor on the acceptable return, is hardcoded as 0. This means that the swap will be executed regardless of the amount of WETH received.

Vulnerability Details

Lack of Input Validation: By setting the amountOutMinimum to 0, the contract does not enforce any constraints on the price at which the swap is executed.

Potential for Unfavorable Execution: Without slippage control, a trade that looked favorable at the time it was submitted might end up being executed at an unfavorable rate if the price moves before the transaction is processed.

Impact

Potential Financial Loss: Users could receive significantly less WETH than anticipated if the market moves against them between the time the transaction is submitted and when it's processed.

Adverse Selection: Sophisticated users who can monitor market conditions in real time might be able to take advantage of the lack of slippage control to their benefit, potentially at the expense of other users.

Tools Used

Manual

Recommendations

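Implement slippage control: replace the hardcoded amountOutMinimum of 0 with an enforced floor on the amount of WETH that must be received, so the swap reverts instead of executing at an unfavorable rate.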
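One way to apply this recommendation, as an added example that is not the audited contract's code. The page does not show sellProfits, so the `ProfitSeller` contract, the function signature, the fee tier and the use of Uniswap V3's `ISwapRouter.exactInputSingle` (inferred from the `amountOutMinimum` parameter name) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added example, not the audited contract. Interface mirrors Uniswap V3's
// ISwapRouter; that sellProfits calls it is an assumption.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

contract ProfitSeller { // hypothetical name
    ISwapRouter public immutable router;
    address public immutable weth;
    uint24 public constant POOL_FEE = 3000; // assumed fee tier

    error ZeroMinOut();
    constructor(ISwapRouter router_, address weth_) {
        router = router_;
        weth = weth_;
    }

    // minWethOut is computed off-chain by the caller from a fresh quote minus
    // their tolerance; access control from the original is omitted here.
    function sellProfits(address token, uint256 amountIn, uint256 minWethOut, uint256 deadline)
        external returns (uint256 wethOut)
    {
        if (minWethOut == 0) revert ZeroMinOut(); // reject the old "accept anything" value
        // Standard ERC-20 assumed; use a safe-approve wrapper for tokens without a bool return.
        require(IERC20(token).approve(address(router), amountIn), "approve failed");
        wethOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: token, tokenOut: weth, fee: POOL_FEE, recipient: address(this),
            deadline: deadline, amountIn: amountIn,
            amountOutMinimum: minWethOut, // was hardcoded 0; router reverts below this floor
            sqrtPriceLimitX96: 0
        }));
    }
}
```

The caller-supplied deadline bounds how long a pending transaction stays executable, which addresses the price moving between submission and processing.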
