The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

SmartVault owner can be sandwiched

timenov

Summary

The SmartVaultV3::swap() function is vulnerable to sandwich attacks due to a lack of slippage protection. The issue arises from the calculation of amountOutMinimum and the default setting of sqrtPriceLimitX96 to 0.

Vulnerability Details

In the calculateMinimumAmountOut() function, when collateralValueMinusSwapValue >= requiredCollateralValue, the return value becomes 0. This, combined with the default sqrtPriceLimitX96 of 0 in the swap() function, exposes the vault owner to sandwich attacks.

function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
// ... (existing code)
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
// ... (existing parameters)
amountOutMinimum: minimumAmountOut,
sqrtPriceLimitX96: 0 // Vulnerable point
});
// ... (existing code)
}

Impact

A sandwich attack can lead to financial losses for the vault owner. The default setting of sqrtPriceLimitX96 allows potential exploitation, jeopardizing the security of the smart contract.

Tools Used

Manual Review.

Recommendations

  1. Ensure that the amountOutMinimum in calculateMinimumAmountOut() is never set to 0.

  2. Specify a non-zero value for the sqrtPriceLimitX96 parameter in the swap() function to establish a stop price.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Slippage-issue

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Slippage-issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.