The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

No slippage protection for a user doing a healthy swap can result in their loss

Summary

Users can lose funds while swapping when the swap itself is not bad for the protocol.

Vulnerability Details

After the exploit, the team mitigated the issue of amountOutMinimum being hardcoded to 0, which had resulted in a major exploit that minted a large amount of undercollateralized EURO. calculateMinimumAmountOut now prevents that scenario, but there is another concern when the position is healthy. If the amount being swapped is not needed for the current collateral, amountOutMinimum is set to 0, which could let a malicious bot sandwich the user's swap (practically stealing the user's funds above the required collateral).

Impact

  • Loss of funds for the owner of the vault

Tools Used

Manual Review

Recommendations

  • Implement a slippage tolerance, instead of fixing it to 0, when the collateral is enough.
    Example:

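// Value the input amount in EUR, then convert that value into the output token.
uint256 swappedAmountExact = calculator.tokenToEur(getToken(_inTokenSymbol), _amount);
uint256 outTokenExactValue = calculator.eurToToken(getToken(_outTokenSymbol), swappedAmountExact);
// Require at least 99000 / HUNDRED_PC of the quoted output instead of 0.
return (outTokenExactValue * 99000) / ISmartVaultManagerV3(manager).HUNDRED_PC();
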
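The effect of the two floors can be modeled off-chain. This is an added example, not code from the submission or from The Standard; the constant-product pool, its reserves, the vault figures, the 1 EUR-per-token prices, HUNDRED_PC = 100000 and the shortfall branch of the first function are constructed assumptions.

```python
HUNDRED_PC = 100_000          # assumed scale, so 99000 / HUNDRED_PC is 99%
TOLERANCE_NUMERATOR = 99_000  # numerator used in the recommendation

# Constructed pool states as (reserve_in, reserve_out); both tokens priced at 1 EUR.
BALANCED_POOL = (10_000_000, 10_000_000)
SKEWED_POOL = (11_000_000, 9_090_910)   # price moved just before the user's swap


def pool_out(reserve_in, reserve_out, amount_in):
    """Output of a fee-less constant-product pool (x * y = k)."""
    return reserve_out * amount_in // (reserve_in + amount_in)


def min_out_zero_floor(collateral_eur, required_eur, swap_eur):
    """Behaviour the finding describes: the floor is 0 while the vault stays healthy."""
    remaining = collateral_eur - swap_eur
    if remaining >= required_eur:
        return 0
    # Assumption: otherwise the swap must return at least the collateral shortfall.
    return required_eur - remaining


def min_out_with_tolerance(collateral_eur, required_eur, swap_eur):
    """Recommended behaviour: a healthy vault still gets a 99% floor."""
    if collateral_eur - swap_eur >= required_eur:
        return swap_eur * TOLERANCE_NUMERATOR // HUNDRED_PC
    return min_out_zero_floor(collateral_eur, required_eur, swap_eur)


def execute_swap(pool, amount_in, amount_out_minimum):
    """Return the amount received, or revert when it is below the floor."""
    received = pool_out(pool[0], pool[1], amount_in)
    if received < amount_out_minimum:
        raise ValueError("too little received")
    return received


if __name__ == "__main__":
    vault = dict(collateral_eur=50_000, required_eur=20_000, swap_eur=10_000)
    for name, floor_fn in (("zero floor", min_out_zero_floor),
                           ("1% tolerance", min_out_with_tolerance)):
        floor = floor_fn(**vault)
        for label, pool in (("balanced", BALANCED_POOL), ("skewed", SKEWED_POOL)):
            try:
                print(name, label, "received", execute_swap(pool, 10_000, floor))
            except ValueError as err:
                print(name, label, "reverted:", err)
```

With the zero floor the skewed pool fills the swap at any price; with the tolerance floor the same swap reverts and the vault owner keeps the input tokens.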
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Slippage-issue

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Slippage-issue
