Submission Details
Severity: medium

Missing slippage parameter, depositCollateralAndMintDsc() can be front-run

Summary

The depositCollateralAndMintDsc() function lacks a slippage parameter, which exposes it to potential front-running attacks.

Vulnerability Details

The current implementation of the depositCollateralAndMintDsc() function lacks a parameter for controlling slippage, which makes it vulnerable to front-running attacks. This allows manipulation during the minting process, leading to price impact.

    function depositCollateral(address tokenCollateralAddress, uint256 amountCollateral)
        public
        moreThanZero(amountCollateral)
        isAllowedToken(tokenCollateralAddress)
        nonReentrant
    {
        // Record the deposit before making the external token call.
        s_collateralDeposited[msg.sender][tokenCollateralAddress] += amountCollateral;
        emit CollateralDeposited(msg.sender, tokenCollateralAddress, amountCollateral);
        // Pull the collateral from the caller; revert if the token reports failure.
        bool success = IERC20(tokenCollateralAddress).transferFrom(msg.sender, address(this), amountCollateral);
        if (!success) {
            revert DSCEngine__TransferFailed();
        }
    }

Impact

Users are at risk of front-running attacks and may receive less DSC than they expected.

Tools Used

Manual Review

Recommendations

Consider adding minAmountOut and deadline parameters.
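A sketch of how the recommended minAmountOut and deadline guards are typically enforced, added here as an example and not taken from the DSCEngine code base. The contract, interfaces, price feed scaling and collateral ratio are all hypothetical, and the example assumes the minted amount is derived from the price at execution time, which is the case where a minimum-output bound applies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not DSCEngine code; every name below is hypothetical.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IPriceFeedLike {
    // Assumed: collateral price in USD, scaled by 1e18.
    function latestPrice() external view returns (uint256);
}

contract GuardedMintExample {
    error DeadlineExpired(uint256 deadline, uint256 currentTime);
    error InsufficientOutput(uint256 amountOut, uint256 minAmountOut);
    error TransferFailed();

    uint256 private constant RATIO_BPS = 20_000; // assumed 200% collateralisation
    IERC20Like public immutable collateral;
    IPriceFeedLike public immutable feed;
    mapping(address => uint256) public deposited;
    mapping(address => uint256) public minted;

    constructor(IERC20Like _collateral, IPriceFeedLike _feed) {
        collateral = _collateral;
        feed = _feed;
    }

    // Mintable amount at the price observed when the transaction executes.
    function quote(uint256 amountCollateral) public view returns (uint256) {
        return (amountCollateral * feed.latestPrice() / 1e18) * 10_000 / RATIO_BPS;
    }

    function depositAndMint(uint256 amountCollateral, uint256 minAmountOut, uint256 deadline)
        external
        returns (uint256 amountOut)
    {
        // Reject a transaction that was delayed past the caller's deadline.
        if (block.timestamp > deadline) revert DeadlineExpired(deadline, block.timestamp);
        amountOut = quote(amountCollateral);
        // Reject execution if the price moved and the output fell below the caller's bound.
        if (amountOut < minAmountOut) revert InsufficientOutput(amountOut, minAmountOut);
        deposited[msg.sender] += amountCollateral;
        minted[msg.sender] += amountOut; // stands in for minting the stablecoin
        if (!collateral.transferFrom(msg.sender, address(this), amountCollateral)) revert TransferFailed();
    }
}
```

The caller computes minAmountOut off-chain from quote() minus the tolerance they accept, so a price move between signing and inclusion reverts the transaction instead of executing on worse terms.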
