MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: high
Invalid

Swapping tokens on the L2TokenReceiver contract exposes owner to losses due to lack of protection

Summary

Whenever users swap tokens on decentralized exchanges, they are exposed to loss via MEV sandwich attacks and unexpected price changes in volatile markets. To guard against such loss, protocols are expected to enforce a minimum-tokens-received bound on every swap. This is not properly implemented in the swap function.

Vulnerability Details

The swap function is supposed to protect against losses from MEV sandwich attacks and market volatility by accepting a minimum-output parameter (amountOutMinimum_). However, the function does not check that the caller has actually supplied a non-zero value, so the contract owner is exposed to losses exactly as if the parameter did not exist.

POC:

  1. The contract owner needs to swap tokens on Uniswap and therefore calls the swap function.

  2. The owner forgets to provide a value for the amountOutMinimum_ parameter, so the function proceeds with the default value of zero.

  3. Bob's bot notices that the pending transaction carries no slippage protection and will accept any amount Uniswap returns.

  4. Bob sends a sandwich via MEV, front-running and back-running the owner's swap.

  5. Bob's front-run transaction swaps on the same pool, driving up the price of the token the owner is trying to receive.

  6. The owner's transaction is mined at the inflated price and receives far fewer tokens.

Since this function is only available to the contract owner, I believe then that it is a critical part of the protocol and will be used to swap high volumes of assets. This can result in huge losses for protocol users.

Impact

The contract owner is exposed to losses via MEV sandwich attacks and market volatility, since the function will accept any amount returned by the swap.

Tools Used

Manual review

Recommendations

Ensure that the amountOutMinimum_ parameter is greater than zero.
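As an added illustration of that recommendation (example code, not the MorpheusAI L2TokenReceiver contract), a minimal owner-only swap wrapper that rejects a zero amountOutMinimum_ before calling Uniswap V3's exactInputSingle; the contract name, parameter names and the trimmed inline interfaces are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Trimmed copy of Uniswap V3's ISwapRouter: only the call this example makes.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256);
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical owner-only swap wrapper (assumed names; not the project's code).
contract SwapReceiverExample {
    error NotOwner();
    error ZeroMinimumOut(); // amountOutMinimum_ == 0 would let the router accept any output
    address public immutable owner;
    ISwapRouter public immutable router;

    constructor(ISwapRouter router_) {
        owner = msg.sender;
        router = router_;
    }

    function swap(
        address tokenIn_, address tokenOut_, uint24 fee_,
        uint256 amountIn_, uint256 amountOutMinimum_, uint256 deadline_
    ) external returns (uint256 amountOut) {
        if (msg.sender != owner) revert NotOwner();
        // The check the finding recommends: a zero bound disables slippage protection,
        // so refuse it before the router is ever called.
        if (amountOutMinimum_ == 0) revert ZeroMinimumOut();
        IERC20(tokenIn_).approve(address(router), amountIn_);
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn_, tokenOut: tokenOut_, fee: fee_, recipient: address(this),
            deadline: deadline_, amountIn: amountIn_,
            amountOutMinimum: amountOutMinimum_, sqrtPriceLimitX96: 0
        }));
    }
}
```

The check only rejects the unset default; the owner still has to derive a realistic non-zero bound from a current quote, since a token-sized minimum offers no more protection than zero.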

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
