20,000 USDC
Submission Details
Severity: high
Valid

Lack of slippage protection can result in losses due to MEV

Summary

The sellProfits function swaps accumulated profit tokens into WETH and forwards the WETH to the staking rewards contract, but it performs the swap with no slippage controls at all. A searcher can sandwich every call, so the contract receives significantly less WETH than the sold tokens are worth.

Vulnerability Details

The sellProfits function is defined as follows:

function sellProfits(address _profits) public {
    require(_profits != WETH, "not allowed");
    uint256 amount = IERC20(_profits).balanceOf(address(this));
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp,   // always satisfied at execution time: no deadline protection
            amountIn: amount,
            amountOutMinimum: 0,         // any output amount is accepted
            sqrtPriceLimitX96: 0         // no price bound on the swap
        });
    amount = swapRouter.exactInputSingle(params);
    IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
}

amountOutMinimum and sqrtPriceLimitX96 are both set to 0, so the router accepts any output amount and never halts the swap at a price bound: there is no slippage protection for this swap. deadline is set to block.timestamp, which is satisfied whenever the transaction is eventually mined, so it gives no protection either. Because sellProfits is public, anyone can trigger it at a moment of their choosing and sandwich it in the same block: move the _profits/WETH price against the contract, let it sell its entire balance into the moved pool, then trade back. The larger the accumulated balance, the larger the price impact and the more the sandwich extracts.

Impact

Rewards for stakers will be significantly lower: part of the value of the profit tokens is captured by MEV searchers on each sellProfits call instead of reaching the staking contract as WETH.

Tools Used

Manual review

Recommendations

Either let a trusted caller (a keeper role, not arbitrary users, since an attacker could simply pass 0) specify amountOutMinimum and a real deadline, or compute amountOutMinimum on-chain from a TWAP of the _profits/WETH pool with a bounded slippage tolerance. In both cases, take deadline from the caller rather than block.timestamp.
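The following is an added example of the TWAP-based variant of this recommendation. It is not the audited project's code. It keeps the names visible in the report (sellProfits, WETH, staking, swapRouter, fee tier 3000) and assumes a Uniswap V3 factory address, the 0.8 branches of @uniswap/v3-core and @uniswap/v3-periphery for IUniswapV3Factory, ISwapRouter and OracleLibrary, an OpenZeppelin IERC20, and the constants TWAP_WINDOW and MAX_SLIPPAGE_BPS, which are illustrative choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. Assumes the 0.8 branches of
// @uniswap/v3-core and @uniswap/v3-periphery and an OpenZeppelin IERC20.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@uniswap/v3-core/contracts/interfaces/IUniswapV3Factory.sol";
import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";
import "@uniswap/v3-periphery/contracts/libraries/OracleLibrary.sol";

contract ProfitSeller {
    address public immutable WETH;
    address public immutable staking;
    ISwapRouter public immutable swapRouter;
    IUniswapV3Factory public immutable factory;      // assumed: factory behind the router's pools

    uint24 public constant POOL_FEE = 3000;          // same fee tier as the original swap
    uint32 public constant TWAP_WINDOW = 30 minutes; // assumed lookback; longer is costlier to manipulate
    uint256 public constant MAX_SLIPPAGE_BPS = 100;  // assumed: accept at most 1% below the TWAP price

    constructor(address _weth, address _staking, ISwapRouter _router, IUniswapV3Factory _factory) {
        WETH = _weth;
        staking = _staking;
        swapRouter = _router;
        factory = _factory;
    }

    // Output floor for the swap: the WETH the TWAP implies for `amountIn`, minus the tolerance.
    function minOutFromTwap(address tokenIn, uint256 amountIn) public view returns (uint256) {
        address pool = factory.getPool(tokenIn, WETH, POOL_FEE);
        require(pool != address(0), "no pool");
        require(amountIn <= type(uint128).max, "amount too large");
        // consult() reverts with "OLD" if the pool's observation buffer does not cover TWAP_WINDOW.
        (int24 meanTick, ) = OracleLibrary.consult(pool, TWAP_WINDOW);
        uint256 quote = OracleLibrary.getQuoteAtTick(meanTick, uint128(amountIn), tokenIn, WETH);
        return quote * (10_000 - MAX_SLIPPAGE_BPS) / 10_000;
    }

    // `deadline` comes from the caller, not block.timestamp, so a transaction that is held
    // back expires instead of executing whenever a searcher finds it profitable.
    function sellProfits(address _profits, uint256 deadline) public {
        require(_profits != WETH, "not allowed");
        require(deadline >= block.timestamp, "expired");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        require(amount > 0, "nothing to sell");

        uint256 minOut = minOutFromTwap(_profits, amount);

        // Router allowance; the original snippet does not show it, so it is assumed to be
        // granted elsewhere there. Non-standard tokens may need SafeERC20 here.
        IERC20(_profits).approve(address(swapRouter), amount);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: POOL_FEE,
            recipient: address(this),
            deadline: deadline,
            amountIn: amount,
            amountOutMinimum: minOut,  // reverts if a sandwich pushes the output below the floor
            sqrtPriceLimitX96: 0       // the output floor already bounds the effective price
        });
        swapRouter.exactInputSingle(params);

        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```

Two operational points follow from this design. The pool must have an observation cardinality large enough to cover TWAP_WINDOW (set once via increaseObservationCardinalityNext on the pool), or consult() reverts. And the floor converts a silent loss into a revert: if someone moves the spot price more than MAX_SLIPPAGE_BPS away from the TWAP, the call fails and can simply be retried later, which is the intended failure mode, but it means a determined actor can delay, though not drain, the reward distribution. A TWAP over a thin pool can still be pushed over a long window, so the window and tolerance should be chosen against the pool's actual liquidity.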
