First Flight #3: Thunder Loan
First Flight #3
Beginner FriendlyFoundryDeFiOracle
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Depositors should be able to enter maximum slippage or minimum tokens/asset tokens to receive for deposit and redeem

happyformerlawyer

Summary

When depositors deposit the underlying tokens, they receive asset token shares back and when they redeem, they trade their asset tokens back into the underlying tokens. In both cases, the depositor should be able to enter maximum slippage (or a mininmum amount of asset token or token to be received) such that the transaction will revert if they are not satisified with the slippage.

Vulnerability Details

The deposit and redeem function don't have an option to enter maximum slippage or minimum tokens/asset tokens to receive.

Impact

Depositors could get bad exchange rates and also be susceptible to front-running.

Tools Used

Manual review

Recommendations

Add an additional input for deposit of uint256 minimumAssetTokens and then add the following to the deposit function (after calculation of mintAmount):

if(mintAmount < minimumAssetTokens) {
revert ThunderLoan__TooMuchSlippage(mintAmount);}

Add an additional parameter to the redeem function of uint256 minimumUnderlyingTokens and add the following to the redeem function (after amountUnderlying is calculated):

if(amountUnderlying < minimumUnderlyingTokens) {
revert ThunderLoan__TooMuchSlippage(amountUnderlying)};
Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.