slippage vulnerability inherent in token swaps. Attackers exploit this vulnerability by initiating trades with large input amounts and specifying low output minimums. This allows them to manipulate the execution price, causing the actual trade price to deviate unfavourably from the expected price. As a result, attackers can potentially receive more tokens than anticipated, leading to financial losses for the contract and its users while destabilising the token swap mechanism.
The slippage vulnerability in L2TokenReceiver::swap arises from the discrepancy between the expected and actual execution prices of trades. When users initiate swaps based on specified input and output amounts, market conditions may cause the actual trade execution price to deviate, resulting in slippage. This vulnerability can lead to failed transactions, as the received output amount may fall short of expectations, causing financial losses and impacting user experience.
The slippage vulnerability can have several significant impacts on users and the functionality of the protocol:
- Financial Losses: Users may experience unexpected losses due to receiving fewer tokens than anticipated during a swap, resulting in financial discrepancies and reduced asset value.
- Failed Transactions: Slippage can lead to failed transactions or incomplete swaps, disrupting user interactions and hindering the execution of essential functions within decentralized applications.
I wrote a test to test for lack of slippage protection in L2TokenReceive.test.ts
to test
The recommended mitigation to prevent slippage:
Allow users to set slippage tolerances when initiating swaps.
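The effect of a caller-supplied tolerance can be seen in a small model. This is an added example, not code from the audited project or from this submission: the constant-product pool, the 0.3% fee, the function names and all amounts are constructed assumptions. It compares a swap executed with a minimum output of zero against one whose minimum is derived from the quoted amount and a tolerance in basis points.

```typescript
// Constructed model: constant-product pool (x * y = k) with a 0.3% fee.
// Every name and number here is hypothetical, not taken from L2TokenReceiver.
interface Pool { reserveIn: number; reserveOut: number; }

const BPS = 10000;
const FEE_BPS = 30;

// Output for amountIn at the pool's current reserves (integer token units).
function quote(pool: Pool, amountIn: number): number {
  const inAfterFee = amountIn * (BPS - FEE_BPS);
  return Math.floor((inAfterFee * pool.reserveOut) / (pool.reserveIn * BPS + inAfterFee));
}

// Lowest acceptable output for a quoted amount and a tolerance in basis points.
function minOut(quoted: number, toleranceBps: number): number {
  if (!Number.isInteger(toleranceBps) || toleranceBps < 0 || toleranceBps > BPS) {
    throw new Error("tolerance out of range");
  }
  return Math.ceil((quoted * (BPS - toleranceBps)) / BPS);
}

// Executes the swap; throws (models a revert) if output is below the minimum.
function swap(pool: Pool, amountIn: number, amountOutMinimum: number): number {
  const out = quote(pool, amountIn);
  if (out < amountOutMinimum) throw new Error("Too little received");
  pool.reserveIn += amountIn;
  pool.reserveOut -= out;
  return out;
}

// The user quotes, the pool price moves, then the user's swap executes.
// toleranceBps === null models a swap submitted with a minimum output of 0.
function scenario(toleranceBps: number | null): { quoted: number; received: number | null } {
  const pool: Pool = { reserveIn: 1000000, reserveOut: 1000000 };
  const quoted = quote(pool, 10000);
  swap(pool, 100000, 0); // constructed price move between quote and execution
  const floor = toleranceBps === null ? 0 : minOut(quoted, toleranceBps);
  try {
    return { quoted, received: swap(pool, 10000, floor) };
  } catch (_e) {
    return { quoted, received: null }; // reverted: the input tokens are kept
  }
}
```

With no minimum, the swap settles at the moved price and returns well under the quoted amount; with a 50 basis point tolerance the same swap reverts and the input tokens are not spent.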