The sellProfits() function in the provided code hardcodes the amountOutMinimum and sqrtPriceLimitX96 parameters of the swap to 0. This removes both the price constraint and the minimum-output constraint on the token swap, so the trade can be filled at whatever price the pool offers at that moment, leading to unfavorable execution and financial loss for users.
sellProfits() executes a token swap through Uniswap V3's exactInputSingle function. The ExactInputSingleParams struct it builds has amountOutMinimum and sqrtPriceLimitX96 hardcoded to 0. With amountOutMinimum at 0 the router's "Too little received" check can never fail, and with sqrtPriceLimitX96 at 0 the router substitutes the extreme MIN/MAX sqrt price, i.e. no price bound at all. The swap can therefore be filled at any price reachable within the pool's liquidity and with no guaranteed minimum output, so the user may receive far less of the output token than expected.
Because neither guard is enforced, anyone who can order transactions around the sellProfits call (a searcher, a block builder) can move the pool price before the swap and restore it afterwards, pocketing the difference: the classic sandwich. Even without an active attacker, ordinary volatility between submission and inclusion can fill the trade at a worse price than the caller saw. In both cases the user receives significantly fewer output tokens than anticipated, with no revert to fall back on.
Manual review
To address this vulnerability, modify sellProfits so that amountOutMinimum and sqrtPriceLimitX96 are accepted as parameters from the caller instead of being hardcoded to 0. The caller should derive amountOutMinimum from an off-chain quote minus a slippage tolerance, so that the router reverts whenever the pool would return less than that amount.
Note: setting either one of these values is enough to protect the user from a sandwich attack; both are not required. In practice amountOutMinimum is the guard to prefer: a sqrtPriceLimitX96 that is hit stops the swap early and consumes only part of amountIn, so it bounds the price but not the amount the user actually receives.
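The following is an added example, not the audited project's code, showing the reported shape of the bug next to a hardened sellProfits that takes the slippage parameters from the caller. The router interface mirrors Uniswap v3-periphery's ISwapRouter (the variant whose ExactInputSingleParams carries a deadline); the contract, token, pool fee and helper names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example; not the audited project's code. ISwapRouter below mirrors
// Uniswap v3-periphery's interface. ProfitSeller, profitToken, payoutToken,
// POOL_FEE and minOutFromQuote are hypothetical names.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }

    function exactInputSingle(ExactInputSingleParams calldata params)
        external
        payable
        returns (uint256 amountOut);
}

contract ProfitSeller {
    ISwapRouter public immutable router;
    address public immutable profitToken; // token being sold (hypothetical)
    address public immutable payoutToken; // token received (hypothetical)
    uint24 public constant POOL_FEE = 3000; // 0.3% pool, assumed

    constructor(ISwapRouter _router, address _profitToken, address _payoutToken) {
        router = _router;
        profitToken = _profitToken;
        payoutToken = _payoutToken;
    }

    // Shape of the reported bug: both guards are 0, so the router's
    // "Too little received" check cannot fail and the pool may fill the
    // order at any price, which is exactly what a sandwich attacker needs.
    function sellProfitsUnsafe(uint256 amountIn) external returns (uint256) {
        IERC20(profitToken).approve(address(router), amountIn);
        return router.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: profitToken,
                tokenOut: payoutToken,
                fee: POOL_FEE,
                recipient: msg.sender,
                deadline: block.timestamp,
                amountIn: amountIn,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            })
        );
    }

    // Hardened form: the caller quotes the swap off-chain, derives a minimum
    // acceptable output with minOutFromQuote(), and may additionally pass a
    // sqrtPriceLimitX96. If a price limit is given it must sit on the correct
    // side of the current price (below it when tokenIn < tokenOut, above it
    // otherwise) and strictly inside TickMath's MIN/MAX sqrt ratio; a limit
    // that is reached stops the swap with only part of amountIn consumed.
    function sellProfits(
        uint256 amountIn,
        uint256 amountOutMinimum,
        uint160 sqrtPriceLimitX96,
        uint256 deadline
    ) external returns (uint256 amountOut) {
        require(amountOutMinimum != 0 || sqrtPriceLimitX96 != 0, "no slippage guard");
        require(deadline >= block.timestamp, "expired");
        IERC20(profitToken).approve(address(router), amountIn);
        amountOut = router.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: profitToken,
                tokenOut: payoutToken,
                fee: POOL_FEE,
                recipient: msg.sender,
                deadline: deadline,
                amountIn: amountIn,
                amountOutMinimum: amountOutMinimum,
                sqrtPriceLimitX96: sqrtPriceLimitX96
            })
        );
        // The router already enforces amountOutMinimum; re-checking here keeps
        // the guarantee local to this contract if the router is ever replaced.
        require(amountOut >= amountOutMinimum, "slippage");
    }

    // Minimum output from an off-chain quote and a tolerance in basis points,
    // e.g. a quote of 1_000e6 with 50 bps tolerance gives 995e6.
    function minOutFromQuote(uint256 quotedOut, uint256 toleranceBps)
        public
        pure
        returns (uint256)
    {
        require(toleranceBps < 10_000, "tolerance too large");
        return quotedOut * (10_000 - toleranceBps) / 10_000;
    }
}
```

The caller obtains quotedOut with an eth_call to Uniswap's Quoter (quoteExactInputSingle), feeds it through minOutFromQuote with its chosen tolerance, and passes the result as amountOutMinimum together with a short deadline. A sandwich that pushes the pool price beyond that tolerance now makes the router revert instead of filling the user at the manipulated price.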