The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Inadequate Slippage checks swapping token in `SmartVaultV3::swap(...)`

ua1552

Summary

The slippage check implemented in the SmartVaultV3::swap(...) function is insufficient, as the minAmountOut can still be zero, potentially leading to a loss of tokens.

Vulnerability Details

The SmartVaultV3::swap(...) function utilizes the SmartVault::calculateMinimumAmountOut(...) function to determine the minimum expected amount resulting from a token swap. However, the calculation is flawed. If the user's token swap doesn't impact the minimum required collateral for the minted token, the returned minAmountOut can be zero. Consequently, the token swap may allow for the return of 0 tokens, resulting in high slippage and potential substantial loss of assets for the user.

function calculateMinimumAmountOut(bytes32 _inTokenSymbol, bytes32 _outTokenSymbol, uint256 _amount) private view returns (uint256) {

ISmartVaultManagerV3 _manager = ISmartVaultManagerV3(manager);

uint256 requiredCollateralValue = minted * _manager.collateralRate() / _manager.HUNDRED_PC();

uint256 collateralValueMinusSwapValue = euroCollateral() - calculator.tokenToEur(getToken(_inTokenSymbol), _amount);

@> return collateralValueMinusSwapValue >= requiredCollateralValue ?

0 : calculator.eurToToken(getToken(_outTokenSymbol), requiredCollateralValue - collateralValueMinusSwapValue);

}

Additionally, if the contracts are deployed on the L1 blockchain, this vulnerability could expose the system to sandwich attacks, resulting in expensive swaps for the vault owner and potential loss of value for the user. In a sandwich attack scenario, malicious actors could exploit the slippage vulnerability to manipulate token prices, causing expensive swaps for the vault owner and potential loss of value for the user.

Impact

Users may experience a loss of tokens.

Tools Used

Manual Review

Recommendations

It is advised to incorporate user input for the minAmountOut rather than relying solely on calculations from other functions.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

Slippage-issue

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

Slippage-issue

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!