20,000 USDC
Submission Details
Severity: high
Valid

No Slippage Protection while Swapping Tokens through Uniswap Router

Impact

Loss of Funds through MEV

Proof of Concept

The Fees contract uses an exactInputSingle call to swap tokens through the Uniswap router.

File: Fees.sol

    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0, // @audit-issue NO Slippage Protection
            sqrtPriceLimitX96: 0
        });


The issue is that the amountOutMinimum value has been set to 0 in both cases. With no slippage protection, a malicious actor could, for example, trivially insert transactions before and after this swap transaction (the infamous "sandwich" attack), causing the smart contract to trade at a radically worse price, profit from this at the caller's expense, and then return the contracts to their original state, all at a low cost.

Tools Used

VS Code

Recommended Mitigation Steps

Add an amountOutMin parameter to the function.
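
The effect of that parameter, as an added example that is not code from Fees.sol or from Uniswap: a simplified constant-product pool with the same 0.3% fee, showing what the contract receives when the price has been moved before its swap, with a floor of 0 and with a floor derived from a quote. The pool model, reserves, amounts, the 50 bps tolerance and all function names are assumptions made for illustration.

```python
# Added example: simplified constant-product pool (x * y = k) with a 0.3% fee.
# Uniswap V3 uses concentrated liquidity; this model is an assumption that keeps
# the arithmetic visible. All reserves and amounts below are constructed.

FEE_PPM = 3000  # mirrors fee: 3000 (0.30%) in the swap parameters


class SlippageError(Exception):
    """Raised where the router would revert the swap."""


class Pool:
    def __init__(self, reserve_in: int, reserve_out: int):
        self.reserve_in = reserve_in
        self.reserve_out = reserve_out

    def quote(self, amount_in: int) -> int:
        """Output for amount_in at the current reserves, without trading."""
        net_in = amount_in * (1_000_000 - FEE_PPM) // 1_000_000
        return net_in * self.reserve_out // (self.reserve_in + net_in)

    def swap(self, amount_in: int, amount_out_minimum: int) -> int:
        """Execute the swap; reject it if the output is below the caller's floor."""
        out = self.quote(amount_in)
        if out < amount_out_minimum:
            raise SlippageError(f"received {out} < minimum {amount_out_minimum}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def min_out(quoted: int, tolerance_bps: int) -> int:
    """Floor to pass as amountOutMinimum: the quote less the tolerated slippage."""
    return quoted * (10_000 - tolerance_bps) // 10_000


def run_case(amount_out_minimum: int, earlier_trade_in: int = 200_000):
    """Swap 10_000 tokenIn after another trade has already moved the price."""
    pool = Pool(1_000_000, 1_000_000)
    pool.swap(earlier_trade_in, 0)  # price-moving trade lands first
    try:
        return pool.swap(10_000, amount_out_minimum)
    except SlippageError:
        return None  # swap reverted, funds stay in the contract
```

With a floor of 0 the swap executes at whatever price it finds; with a floor computed off-chain from a fresh quote, the same swap reverts instead of settling at the displaced price.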
