Beedle - Oracle free perpetual lending

Summary

The smart contract contains a potential vulnerability that may result in a lack of price slippage control and unrestricted price execution during the sellProfits function.

Vulnerability Details

In the sellProfits function, the following two parameters are set to 0:

• sqrtPriceLimitX96: This parameter is used to limit the price range of the trade. Setting it to 0 means that the trade is not restricted by any specific price range, which may result in the execution of trades at unfavorable prices for users.

• amountOutMinimum: This parameter is used to set the minimum output amount required by the user for the trade. Setting it to 0 means that there is no minimum output amount requirement, potentially leading to trades with minimal or even zero output amounts.

These settings allow trades to execute without any slippage control and without ensuring that the output meets the user's expectations, increasing the risk associated with the trades.

Impact

The vulnerability may lead to the following issues:

• Users may execute trades at unfavorable prices, resulting in unnecessary losses.

• The output amount of the trade may be minimal or even zero, failing to meet the user's expectations.

Tools Used

Manual review

Recommendations

To address this vulnerability and enhance the security of the smart contract, the following improvements are recommended:

• In the sellProfits function, set an appropriate value for sqrtPriceLimitX96 to restrict the price range of the trade. Ensure that the chosen value aligns with the expected price interval to prevent unfavorable trade execution.

• Set an appropriate value for amountOutMinimum to ensure that the output of the trade meets the user's minimum requirements. Avoid situations where the output amount is too small or zero.