Insufficient Slippage Protection in `sellProfits` Function
Summary
The sellProfits function in the "Fees" contract lacks slippage protection during token swaps. Failing to account for slippage can result in users receiving fewer WETH tokens than expected when executing the swap, leading to potential financial losses.
Vulnerability Details
The vulnerability lies in the absence of slippage protection during the token swap in the sellProfits function:
In the code snippet above, the amountOutMinimum parameter is set to 0, indicating that the contract does not specify a minimum amount of WETH tokens expected to be received from the swap. Without slippage protection, if the market price of the _profits token moves unfavorably between the transaction submission and execution, users may receive less WETH than anticipated due to slippage.
Impact
The lack of slippage protection in the token swap can result in users receiving fewer WETH tokens than they expect. In cases of high volatility or illiquid markets, slippage can be significant, leading to potential financial losses for users.
Tools Used
Manual
Recommendations
Set the minimum amount of tokens the user expects to get out of the Pool
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.