The inability to set slippage directly at the time of emergencyClose may make it impossible to respond to emergencies.
Summary
Emergency situations require that the state respond as quickly as possible. Therefore, a fixed slippage is a significant risk of not being able to carry out a transaction, and should be flexible enough to be changed in important functions such as emergencyClose.
There is a possibility that the slippage on the exchange side could be intentionally increased by hackers to prevent progress.
Vulnerability Details
_sp.slippage = self.minSlippage in emergencyClose; this part refers to a fixed slippage.
The minSlippage can be changed by the owner, but since Timelock + MultiSig will be introduced, it may not be possible to respond quickly to emergencies.
Impact
Failure to respond to emergencies can cost the project dearly
Tools Used
Manual
Recommendations
Allow slippage to be set in the emergencyClose parameter.
Lead Judging Commences
Slippage protection on emergency Pause/Resume
Impact: High Likelihood: Low Because the whole lpToken balance is used during the emergency process, the impact is high. But the likelihood is LOW because of the dependence on the emergency.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.