The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lack of slippage control can lead to users losing tokens to sandwich attacks

carrotsmuggler

Summary

The code returns a minAmountOut of 0. This can lead to users losing tokens to sandwich attacks.

Vulnerability Details

The function calculateMinimumAmountOut calculates the miniumum amount expected from the swap. The issue is that for certain cases it returns 0 as shown below.

return collateralValueMinusSwapValue >= requiredCollateralValue ?
0 : calculator.eurToToken(getToken(_outTokenSymbol), requiredCollateralValue - collateralValueMinusSwapValue);

So users swapping their safe collateral can be sandwiched and lose all their tokens due to essentially no slippage control. This is very common on the mainnet and thus is of high severity.

Impact

Users can lost most of their funds while doing a swap due to lack of slippage control.

Tools Used

Manual review

Recommendations

Allow users to specify a minimumAmountOut which can be overriden by the contract if necessary for swaps of collateral already supporting minted tokens.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Slippage-issue

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Slippage-issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.