Missing slippage protection
Summary
Missing slippage protection
Vulnerability Details
In the file Fees.sol, inside the function sellProfits, the field amountOutMinimumof the struct ExactInputSingleParams is set to 0.
This means after the swap, the expected amount of the token received should be at least 0 (which is always true). Setting amountOutMinimum: 0 means there is no slippage protection. When there is no slippage protection, a lot less tokens than expected may be received as a result of a sandwich attack, illiquid pools or high-volume trades.
Impact
Because of the way AMMs work, an attack that exploits the missing slippage protection would make the price of the token we are
swapping for really high, so we buy the token at a really high price and getting less of it as a result, so we are essenially
losing money because of the inflated price we buy at. If someone exploits the missing slippage protection through a sandwich attack,
he frontruns our swap transaction, buys an enormous amount of the token we swap for and thus inflates its price because of the
AMM algorithm. After that our swap transaction is executed and the swap is made against the highly inflated in price token and as a result we get a lot less of it than expected. After our transaction, the price of the token we swapped for is still highly inflated (it can be even more inflated because of our swap) and the attacker completes the "sandwich" by selling the highly inflated token at a really high price and gaining profits from the trade.
Tools Used
Manual review
Recommendations
Do not set amountOutMinimum to 0. The value of amountOutMinimum should not be set to an extreme value - setting it really low (as it is currently) disables slippage protection; setting it really really high allows for no slippage to occur, which will make a lot of the swap transactions to revert as there will always be some slippage. So, amountOutMinimum should be set to some non-extreme value that should be aligned with the amount of slippage you are willing to have during swaps.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.