Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

there is no limit for amount out from uniswap pool

mahdirostami

Summary

In the sellProfits function, there is no value for amountOutMinimum and sqrtPriceLimitX96.

Vulnerability Details

as mentioned in uniswap docs:

amountOutMinimum: For a real deployment, this value should be calculated using our SDK or an onchain price oracle – this helps protect against getting an unusually bad price for a trade due to a front-running sandwich or another type of price manipulation

sqrtPriceLimitX96: This value can be used to set the limit for the price the swap will push the pool to, which can help protect against price impact or for setting up logic in a variety of price-relevant mechanisms.

Impact

user can lose his money

Tools Used

manual review

Recommendations

don't use 0 for these parameters.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.