The Standard

Impact

When executing a swap, a user gives a slippage in case the price of the asset swapped moves too far above the initial desired price. If the price exceeds the given slippage, the swap will revert.

In the SmartVaultV3 contract, such slippage is given as the minimum amount the user is willing to receive from the swap and is determined by the calculateMinimumAmountOut() function.

https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L206-L212

This function can return 0 meaning the user is willing to receive 0 token from the swap

In such case, the pool can be manipulated (e.g. sandwich attack) so the user receives a tiny amount of token in exchange resulting in a loss of funds for the user.

Proof of concept

When the SmartVaultV3::swap() function is executed, the amountOutMinimum is obtained using the calculateMinimumAmountOut() function.

https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L214-L231

Assume the following :

• user swaps 100 token A for token B

• the price of token A equals the price of token B when the user wants to executed the swap

• function returns 0, meaning the user is willing to receive 0 token from the swap

An attacker frontruns the transaction and swaps a large amount of token A to obtain almost all the balance of token B on this pool, leaving almost 0 token B

The user transaction takes place and, because of the attacker, the price of token B has increased meaning he receives 1 token B, given its 100 token A

As a result, the user meant to receive 100 token B but end up with 1 token B only.

Tools used

Manual analysis

Recommended mitigation steps

The calculateMinimumAmountOut() function should not possibly return 0.

We could mitigate the issue by returning a percentage of the expected amount recevied at the time of the swap.